Security Incidents mailing list archives
Re: Network attack from S1 Corporation
From: "Kelvin" <kelvin () sec33 com>
Date: Thu, 26 Jul 2001 14:20:09 -0500
Interesting point. The scans and the web-spidering have been going on for weeks now, and strangely enough a web data-collection company out of VA was also spidering sec33.com. An email was sent to the IT department at S1 inquiring about the spidering but was never responded to. I waited another 4 days or so, then did the re-direct for their netblock. Minutes after the redirect started, they got very aggressive and began tool scans of the site. At this point, I thought if the situation were reversed this would be very straightforward.

I have been doing some more digging through the logfiles trying to identify/discover anything else that has been done, and/or determine other systems that might be connected to the original offending netblock, but am not having too much luck. They use random machines that belong to employees to scan and DoS the site. Today's logs show a series of refreshes in excess of 5000 or so on the index.html page, but they are from an IP that is not anywhere near any of the previous.

I wonder if they think that they are untouchable, and in many cases they may be. I am going to leave it lay for a while, unless anyone has any better ideas on how to handle it. Maybe they will get bored. ;-\ I am at a loss now.

----- Original Message -----
From: "Sonny Samson" <sonofsamson () excite com>
To: <kelvin () sec33 com>
Cc: <incidents () securityfocus com>
Sent: Thursday, July 26, 2001 1:43 PM
Subject: Re: Network attack from S1 Corporation
Dear Kelvin,

I was reviewing your email and log files about S1. The question that came to my mind was: how do you know that S1's boxens were not owned by an outsider, making them the double victim of both an exploiter's efforts as well as the victim of yours? If they can show that they were hacked and the script running off their boxes was placed by another, are you likely to do jail time? You certainly have posted enough evidence to show your intent, don't you think?

Just a thought...

Son of Samson
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com