[21483] in North American Network Operators' Group
Re: Exodus / Clue problems
daemon@ATHENA.MIT.EDU (TTSG)
Sun Nov 15 23:31:17 1998
From: TTSG <ttsg@ttsg.com>
To: mcs@1ipnet.net (James McKenzie)
Date: Sun, 15 Nov 1998 23:12:49 -0500 (EST)
Cc: ttsg@ttsg.com, nanog@merit.edu
In-Reply-To: <3.0.5.32.19981115200258.007c0100@mail.1ipnet.net> from "James McKenzie" at Nov 15, 98 08:02:58 pm
>
>
> The owner did not allow any further action to the box except to have it
> removed from the network. So until the owner sends someone in to clean up
> we won't know anything more.
>
8-( Did Exodus at least try to do some sniffing of traffic or
captures at the router or SOMETHING? Or will we never know anything more
about this?
Tuc/TTSG
> James
>
> At 10:54 PM 11/15/98 -0500, TTSG wrote:
> >>
> >>
> >> I have received a call from Exodus. The machine (209.67.50.254) has been
> >> removed from the network by request of the owner of the box.
> >>
> > Great!, but..............
> >
> > a) Did they end up obtaining access to another site and will begin
> > there?
> >
> > b) WAS the origination actually the box as people have claimed, or
> > was it spoofed?
> >
> > c) There was a report that it had stopped earlier (As seen below
> > from Roeland), is anyone still seeing it?
> >
> > d) Was the box just YANKED, or did someone actually try to find
> > out if there was someone/something on it and where its
> > origin is?
> >
> > Tuc/TTSG
> >> James
> >>
> >> At 07:22 PM 11/15/98 -0800, Roeland M.J. Meyer wrote:
> >> >Somebody musta got them, 'cause they're gone now.
> >> >
> >> >At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote:
> >> >>Seeing it here, too.
> >> >>
> >> >>At 18:52 11/15/98 -0500, Daniel Senie wrote:
> >> >>>sigma@pair.com wrote:
> >> >>>>
> >> >>>> Let me guess - the IP is 209.67.50.254, and they're trying to log in to
> >> >>>> nameservers as "root", sometimes a dozen times per second?
> >> >>>
> >> >>>I'm seeing that IP address trying to telnet into my name servers (don't
> >> >>>know if it's as root, since my filters are blocking them). I also see
> >> >>>them trying to access IMAP on my servers.
> >> >>>
> >> >>>Dan
> >> >>>
> >> >>>--
> >> >>>-----------------------------------------------------------------
> >> >>>Daniel Senie dts@senie.com
> >> >>>Amaranth Networks Inc. http://www.amaranthnetworks.com
> >> >>
> >> >>
> >> >>William S. Duncanson caesar@starkreality.com
> >> >>The driving force behind the NC is the belief that the companies who brought us
> >> >>things like Unix, relational databases, and Windows can make an appliance that
> >> >>is inexpensive and easy to use if they choose to do that. -- Scott Adams
> >> >>
> >> >
> >> >___________________________________________________
> >> >Roeland M.J. Meyer, ISOC (InterNIC RM993)
> >> >e-mail: rmeyer@mhsc.com
> >> >Internet phone: hawk.mhsc.com
> >> >Personal web pages: http://www.mhsc.com/~rmeyer
> >> >Company web-site: http://www.mhsc.com/
> >> >___________________________________________
> >> > Who is John Galt?
> >> > "Atlas Shrugged" - Ayn Rand
> >> >
> >> >
> >>
> >> James McKenzie
> >> mcs@1ipnet.net
> >> http://www.1ipnet.net
> >>
> >
> >
>
> James McKenzie
> mcs@1ipnet.net
> http://www.1ipnet.net
>