Security Incidents mailing list archives

Re: Hybris Worm

From: PRESSO-CERT <cert () PRESSO NET>
Date: Sun, 4 Feb 2001 18:54:09 +0100

On Sun, 4 Feb 2001 12:05:16 -0500, accidentally sitting over the keyboard,
gabriel rosenkoetter <gr () ECLIPSED NET> produced the following string:

Received: from hacker (ppp-171-74.30-151.libero.it [151.30.74.171])

[...]
The validity of that IP address is also questionable, but it might
be worth getting in touch with the good folks at libero.it and
seeing who was connected to that slot on their dial-up box at that
time. (It's almost definitely a stolen account, of course.)


libero.it is an Italian ISP which give away free internet access, so it's
trivial for a lamer to get an account. Anyway they keep track of CID and
do not
allow connections from customer who disable trasmission of Caller ID.
But, according with the italian law, they cannot give away theese infos
unless requested by a judge.

--
Gian Luca Matteucci (GLM64-RIPE)

----------                                              -------------
  PreSSo@net - Servizio tecnico     WebAgency - Technology partner
  Web: http://www.presso.net/       Web: http://www.webagency.as/
  email: staff () presso net           GSM: +39 329 6878 213
----------                                             --------------

Current thread:

Hybris Worm Gilbert Alaverdian (Feb 03)
- Re: Hybris Worm Brett Glass (Feb 04)
- Re: Hybris Worm gabriel rosenkoetter (Feb 04)
  - Re: Hybris Worm PRESSO-CERT (Feb 04)