Security Incidents mailing list archives

Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167]


From: m_a_n_i_a_c_ () HOTMAIL COM (Maniac .)
Date: Fri, 7 Jan 2000 17:43:04 GMT


The attacker seems to know only enough to be a danger and definitely doesn't
know enough not to use his @home connection.  Have you contacted @home?
Good luck if you have.  In the past I have reported attacks from @home
customers to @home (Shaw cable where I am) and received no action of any
sort.

Does anyone have a good contact at @Home that we can report things like this
to?  This user is also using the cr595282-a that @home assigns to users when
they do the install. Definitely a lack of knowledge on the attacker's part.
Even if their IP address changes, the cr59# is unique and follows his
workstation.


The attacker from this IP address is using an RPC scanner to search for
versions of amd that have a buffer overflow, and exploiting it. They are
then using the exploited systems to scan other subnets and exploit those
systems, etc. etc. etc.

My system was used as one of these launch points to get into at least 2
other systems, one of which got destroyed.
