[93178] in North American Network Operators' Group
Sagonet - Failing miserably with network security Someone needs to
daemon@ATHENA.MIT.EDU (Chris Jester)
Sun Oct 29 14:28:21 2006
Date: Sun, 29 Oct 2006 11:28:47 -0800 (PST)
From: "Chris Jester" <chris_jester@suavemente.net>
To: nanog@nanog.org
Cc: abuse@sagonet.com
Reply-To: chris_jester@suavemente.net
Errors-To: owner-nanog@merit.edu
65.110.62.120
Sagonet,

We have a serious hacker here who is ACTIVELY engaged in logins
on our network (have him in a honeypot at the moment). He is running
exploits from your network and also I have been hearing from others
that you have been notified of this a few times yet have done nothing
about it. Can we get someone to handle this immediately please?

This hacker has rooted at least 35 servers on a friend's network (friendly
competitor) and now he's scanning ours...

This is what was said by my friend after contacting you guys about this:

"Good... They will not listen... I have provided them logs, screen shots,
etc..."

Additionally, I would LOVE to know what is on that server... this guy is
not to be taken lightly, he is VERY methodical and patient. He's probably
owning your network too.

[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 :::38300                    :::*                        LISTEN
tcp        0      0 ::ffff:66.11.112.15:38300   ::ffff:65.110.62.120:59979  ESTABLISHED
ESTABLISHED