RE: Sagonet - Failing miserably with network security Someone needs to handle this.
Not that this is his real name, or business, but a whois on the IP yields:

[whois.arin.net]
Sago Networks SAGO-20030401 (NET-65-110-32-0-1) 65.110.32.0 - 65.110.63.255
Anton Tenev SAGO-65-110-62-120 (NET-65-110-62-120-1) 65.110.62.120 - 65.110.62.129

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Jester
Sent: Sunday, October 29, 2006 11:29 AM
To: nanog@nanog.org
Cc: abuse@sagonet.com
Subject: Sagonet - Failing miserably with network security Someone needs to handle this.

65.110.62.120

Sagonet,

We have a serious hacker here who is ACTIVELY engaged in logins on our network (have him in a honeypot at the moment). He is running exploits from your network and also I have been hearing from others that you have been notified of this a few times yet have done nothing about it. Can we get someone to handle this immediately please?

This hacker has rooted at least 35 servers on a friend's network (friendly competitor) and now he's scanning ours...

This is what was said by my friend after contacting you guys about this: "Good... They will not listen... I have provided them logs, screen shots, etc..."

Additionally, I would LOVE to know what is on that server... this guy is not to be taken lightly, he is VERY methodical and patient. He's probably owning your network too.

[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address             State
tcp        0      0 0.0.0.0:21                 0.0.0.0:*                   LISTEN
tcp        0      0 :::38300                   :::*                        LISTEN
tcp        0      0 ::ffff:66.11.112.15:38300  ::ffff:65.110.62.120:59979  ESTABLISHED
                                                                           ESTABLISHED

Customer has been nuked.

--
Jordan Medlen
Sago Networks

On Oct 30, 2006, at 11:54 AM, Lasher, Donn wrote:
Not that this is his real name, or business, but a whois on the IP yields:
[whois.arin.net]
Sago Networks SAGO-20030401 (NET-65-110-32-0-1) 65.110.32.0 - 65.110.63.255
Anton Tenev SAGO-65-110-62-120 (NET-65-110-62-120-1) 65.110.62.120 - 65.110.62.129

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Jester
Sent: Sunday, October 29, 2006 11:29 AM
To: nanog@nanog.org
Cc: abuse@sagonet.com
Subject: Sagonet - Failing miserably with network security Someone needs to handle this.
65.110.62.120
Sagonet,
We have a serious hacker here who is ACTIVELY engaged in logins on our network (have him in a honeypot at the moment). He is running exploits from your network and also I have been hearing from others that you have been notified of this a few times yet have done nothing about it. Can we get someone to handle this immediately please?
This hacker has rooted at least 35 servers on a friend's network (friendly competitor) and now he's scanning ours...
This is what was said by my friend after contacting you guys about this: "Good... They will not listen... I have provided them logs, screen shots, etc..."
Additionally, I would LOVE to know what is on that server... this guy is not to be taken lightly, he is VERY methodical and patient. He's probably owning your network too.
[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address              Foreign Address             State
tcp        0      0 0.0.0.0:21                 0.0.0.0:*                   LISTEN
tcp        0      0 :::38300                   :::*                        LISTEN
tcp        0      0 ::ffff:66.11.112.15:38300  ::ffff:65.110.62.120:59979  ESTABLISHED
                                                                           ESTABLISHED
On Mon, 30 Oct 2006, Jordan Medlen wrote:
Customer has been nuked.
This is the time to mention that unlike a couple of years ago, Sagonet is very responsive to C&C reports, and deals with them very efficiently and quickly. Sagonet is a pleasure to work with on botnet abuse issues.

Gadi.

--
Jordan Medlen
Sago Networks
participants (3)
- Gadi Evron
- Jordan Medlen
- Lasher, Donn