The owner did not allow any further action to the box except to have it removed from the network . So until the owner sends someone in to clean up we won't know anything more.
8-( Did Exodus atleast try to do some sniffing of traffic or captures at the router or SOMETHING? Or will we never know anything more about this? Tuc/TTSG
James
At 10:54 PM 11/15/98 -0500, TTSG wrote:
I have received a call from Exodus. The machine (209.67.50.254) has been removed from the network by request of the owner of the box.
Great!, but..............
a) Did they end up obtaining access to another site and will begin there?
b) WAS the origination actually the box as people have claimed, or was it spoofed?
c) There was a report that it had stopped earlier (As seen below from Roeland), is anyone still seeing it?
d) Was the box just YANKED, or did someone actually try to find out if there was someone/something on it and where its origin is?
Tuc/TTSG
James
At 07:22 PM 11/15/98 -0800, Roeland M.J. Meyer wrote:
Sombody musta got them, 'cause their gone now.
Seeing it here, too.
At 18:52 11/15/98 -0500, Daniel Senie wrote:
sigma@pair.com wrote: > > Let me guess - the IP is 209.67.50.254, and they're trying to login to > nameservers as "root", sometimes a dozen times per second?
I'm seeing that IP address trying to telnet into my name servers (don't know if it's as root, since my filters are blocking them). I also see them trying to access IMAP on my servers.
Dan
-- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranthnetworks.com
William S. Duncanson caesar@starkreality.com The driving force behind the NC is the belief that the companies who brought us things like Unix, relational databases, and Windows can make an appliance
At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote: that
is inexpensive and easy to use if they choose to do that. -- Scott Adams
___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ Who is John Galt? "Atlas Shrugged" - Ayn Rand
James McKenzie mcs@1ipnet.net http://www.1ipnet.net
James McKenzie mcs@1ipnet.net http://www.1ipnet.net