[93183] in North American Network Operators' Group


RE: Sagonet - Failing miserably with network security Someone needs to handle this.

daemon@ATHENA.MIT.EDU (Lasher, Donn)
Mon Oct 30 11:58:13 2006

Date: Mon, 30 Oct 2006 08:54:23 -0800
From: "Lasher, Donn" <DLasher@newedgenetworks.com>
To: <chris_jester@suavemente.net>, <nanog@nanog.org>
Cc: <abuse@sagonet.com>
Errors-To: owner-nanog@merit.edu



Not that this is his real name, or business, but a whois on the IP
yields:

[whois.arin.net]
Sago Networks SAGO-20030401 (NET-65-110-32-0-1)
                                  65.110.32.0 - 65.110.63.255
Anton Tenev SAGO-65-110-62-120 (NET-65-110-62-120-1)
                                  65.110.62.120 - 65.110.62.129



-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Chris Jester
Sent: Sunday, October 29, 2006 11:29 AM
To: nanog@nanog.org
Cc: abuse@sagonet.com
Subject: Sagonet - Failing miserably with network security Someone needs
to handle this.


65.110.62.120

Sagonet,

We have a serious hacker here who is ACTIVELY engaged in logins on our
network (have him in a honeypot at the moment). He is running exploits
from your network and also I have been hearing from others that you have
been notified of this a few times yet have done nothing about it.  Can
we get someone to handle this immediately please?

This hacker has rooted at least 35 servers on a friend's network
(friendly competitor) and now he's scanning ours...

This is what was said by my friend after contacting you guys about this:
"Good... They will not listen... I have provided them logs, screen
shots, etc..."

Additionally, I would LOVE to know what is on that server... this guy is
not to be taken lightly, he is VERY methodical and patient. He's
probably owning your network too.

[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 :::38300                    :::*                        LISTEN
tcp        0      0 ::ffff:66.11.112.15:38300   ::ffff:65.110.62.120:59979  ESTABLISHED
 ESTABLISHED



