[93193] in North American Network Operators' Group


Re: Sagonet - Failing miserably with network security Someone needs to handle this.

daemon@ATHENA.MIT.EDU (Jordan Medlen)
Mon Oct 30 15:41:46 2006

X-Antivirus-SAGONET-Mail-From: jmedlen@sagonet.com via mail.sagonet.com
In-Reply-To: <DEB70BE9B019B14EBE4D34B2FD2E74102139F20F@jabba.ad.newedgenetworks.com>
Cc: <chris_jester@suavemente.net>, <nanog@nanog.org>,
	<abuse@sagonet.com>
From: Jordan Medlen <jmedlen@sagonet.com>
Date: Mon, 30 Oct 2006 15:39:42 -0500
To: "Lasher, Donn" <DLasher@newedgenetworks.com>
Errors-To: owner-nanog@merit.edu


Customer has been nuked.

--
Jordan Medlen
Sago Networks

On Oct 30, 2006, at 11:54 AM, Lasher, Donn wrote:

>
>
> Not that this is his real name, or business, but a whois on the IP
> yields:
>
> [whois.arin.net]
> Sago Networks SAGO-20030401 (NET-65-110-32-0-1)
>                                   65.110.32.0 - 65.110.63.255
> Anton Tenev SAGO-65-110-62-120 (NET-65-110-62-120-1)
>                                   65.110.62.120 - 65.110.62.129
>
>
>
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Chris Jester
> Sent: Sunday, October 29, 2006 11:29 AM
> To: nanog@nanog.org
> Cc: abuse@sagonet.com
> Subject: Sagonet - Failing miserably with network security Someone needs to handle this.
>
>
> 65.110.62.120
>
> Sagonet,
>
> We have a serious hacker here who is ACTIVELY engaged in logins on our
> network (have him in a honeypot at the moment). He is running exploits
> from your network and also I have been hearing from others that you have
> been notified of this a few times yet have done nothing about it.  Can
> we get someone to handle this immediately please?
>
> This hacker has rooted at least 35 servers on a friend's network
> (friendly competitor) and now he's scanning ours...
>
> This is what was said by my friend after contacting you guys about this:
> "Good... They will not listen... I have provided them logs, screen
> shots, etc..."
>
> Additionally, I would LOVE to know what is on that server... this guy is
> not to be taken lightly, he is VERY methodical and patient. He's
> probably owning your network too.
>
> [root@mail /home]# netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address             State
> tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
> tcp        0      0 :::38300                    :::*                        LISTEN
> tcp        0      0 ::ffff:66.11.112.15:38300   ::ffff:65.110.62.120:59979  ESTABLISHED
>  ESTABLISHED
>
>
>

