Security Incidents mailing list archives
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167]
From: m_a_n_i_a_c_ () HOTMAIL COM (Maniac .)
Date: Fri, 7 Jan 2000 17:43:04 GMT
The attacker seems to know only enough to be a danger and definately doesn't know enough not to use his @home connection. Have you contacted @home? Good luck if you have. In the past I have reported attacks from @home customers to @home (shaw cable where I am) and recieved no action of any sort. Does anyone have a good contact at @Home that we can report things like this to? This user is also using the cr595282-a that @home assigns to users when they do the install. Definately a lack of knowledge on the attackers part. Even if their IP address changes, the cr59# is uniqe and follows his workstation.
The attacker from this IP address is using an RPC scanner to search for versions of amd that has a buffer overflow, and exploiting it. They are then using the exploited systems to scan other subnets and exploit those systems, etc. etc. etc.. My system was used as one of these launch points to get in to at least 2 other systems, one of which got destroyed.
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 06)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Jeffrey Papen (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- <Possible follow-ups>
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- Cable modem hosts being exploited to spam. TCP ports 224, 253 Aaron Higbee (Jan 07)
- Probe from NS2.SOHONET.COM Jonathan S. Keim (Jan 08)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Missouri FreeNet Administration (Jan 10)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas Molina (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andrew Kunz (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andy David (Jan 10)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Al Huger - Mail Account (Jan 14)