Security Incidents mailing list archives
Re: Analysis: AboveNet attacks
From: ltaylor () TECHNOLOGYEVALUATION COM (Laura Taylor)
Date: Wed, 3 May 2000 10:45:39 -0400
They took the IP address of one of the switches off their website, but so what, they left on the host name...just do a reverse ping for the IP. -l. -----Original Message----- From: Richard Bejtlich [mailto:bejtlich () TEXAS NET] Sent: Monday, May 01, 2000 8:15 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Analysis: AboveNet attacks Excellent analysis Robert. I'm passing your message to my analysts for their education. Poking around http://www.above.net/network/network.html , it looks like Above.net still lists the IPs you mentioned. This reminds me of the business/education/etc network diagrams shown in each issue of Network Computing magazine (http://www.networkcomputing.com). This "centerfold" is a great resource for anyone looking to break into a company -- why would anyone volunteer their entire topology, albeit minus IP addresses? Richard --- In the case of AboveNet, they actually tell everyone the IP addresses of their switches. They post to their website map the current status of all their equipment and Internet connections. They essentially publicize where to find the equipment and classify it in a well-known category of attacks that might bring it down.
Current thread:
- Re: Analysis: AboveNet attacks Richard Bejtlich (May 01)
- Re: Analysis: AboveNet attacks Robert Graham (May 02)
- Re: Analysis: AboveNet attacks Ville (May 06)
- Re: Analysis: AboveNet attacks Paul Cardon (May 02)
- <Possible follow-ups>
- Re: Analysis: AboveNet attacks Laura Taylor (May 03)
- Re: Analysis: AboveNet attacks Robert G. Ferrell (May 04)
- Re: Analysis: AboveNet attacks Filip M. Gieszczykiewicz (May 08)
- Re: Analysis: AboveNet attacks Robert Graham (May 02)