Sagonet - Failing miserably with network security
Someone needs to handle this.
65.110.62.120
Sagonet,
We have a serious hacker here who is ACTIVELY engaged in logins on our network (have him in a honeypot at the moment). He is running exploits from your network and also I have been hearing from others that you have been notified of this a few times yet have done nothing about it. Can we get someone to handle this immediately please?
This hacker has rooted at least 35 servers on a friend's network (friendly competitor) and now he's scanning ours...
This is what was said by my friend after contacting you guys about this: "Good... They will not listen... I have provided them logs, screen shots, etc..."
Additionally, I would LOVE to know what is on that server... this guy is not to be taken lightly, he is VERY methodical and patient. He's probably owning your network too.
[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 :::38300                    :::*                        LISTEN
tcp        0      0 ::ffff:66.11.112.15:38300   ::ffff:65.110.62.120:59979  ESTABLISHED
i am confused. are you seeking host security advice? or are you just trying to play name and shame? can help with former.
randy
Chris Jester wrote:
65.110.62.120
Sagonet,
We have a serious hacker here who is ACTIVELY engaged in logins on our network (have him in a honeypot at the moment). He is running exploits from your network and also I have been hearing from others that you have been notified of this a few times yet have done nothing about it. Can we get someone to handle this immediately please?
Thank you for the report. I've added 65.110.62.120 in our perimeter firewalls, on the off chance that the guy has broken into one or more servers at American Internet (Reno). If he (she) did, it may explain some traffic anomalies we've been seeing this past week.
participants (3): Chris Jester, Randy Bush, Stephen Satchell