Re: [cobalt-users] hack attack?
- Subject: Re: [cobalt-users] hack attack?
- From: "James Hoaggs" <james_hoaggs@xxxxxxxxxx>
- Date: Wed Nov 22 11:33:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> > Just found this lot in my log file for the main domain for my site:
> >
> > 213.167.206.222 - - [15/Oct/2000:08:59:08 +0100] "GET /cgi-bin/phf HTTP/1.0" 302 216 "-" "-"
>
> <SNIP>
>
> > Anybody got any pointers?
SamSpade.org reveals about 213.167.206.222:
IP block lookup for 213.167.206.222
whois -h whois.arin.net 213.167.206.222
ARIN redirects us to RIPE
whois -h whois.ripe.net 213.167.206.222
% Rights restricted by copyright. See http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 213.167.192.0 - 213.167.210.255
netname: GALACTICA
descr: GALACTICA S.p.A.
descr: Internet Service Provider
country: IT
admin-c: LP187-RIPE
tech-c: AG1488-RIPE
status: ASSIGNED PA
notify: sysalt@xxxxxxxxxxxx
notify: fabrizio.bruzzese@xxxxxxxxxxxx
mnt-by: GALACTICA-NOC
changed: fabrizio.bruzzese@xxxxxxxxxxxx 20000906
source: RIPE
route: 213.167.192.0/19
descr: GALACTICA S.p.A.
descr: Internet Service Provider
origin: AS8974
notify: sysalt@xxxxxxxxxxxx
mnt-by: GALACTICA-NOC
changed: sysalt@xxxxxxxxxxxx 20000517
source: RIPE
person: Lorenzo Podesta'
address: Galactica S.p.A.
address: Via Tonale, 26
address: 20125 Milano
address: Italy
phone: +39 02 676201
fax-no: +39 02 67076401
e-mail: lorenzo.podesta@xxxxxxxxxxxx
nic-hdl: LP187-RIPE
notify: lorenzo.podesta@xxxxxxxxxxxx
mnt-by: GALACTICA-NOC
changed: hostmaster@xxxxxx 19980916
changed: hostmaster@xxxxxx 19981015
changed: sysalt@xxxxxxxxxxxx 19990514
source: RIPE
person: Antonino Giannetto
address: GALACTICA S.p.A.
address: Via Tonale, 26
address: 20125, Milano
address: Italy
phone: +39 02 676201
fax-no: +39 02 67076401
e-mail: sysalt@xxxxxxxxxxxx
nic-hdl: AG1488-RIPE
notify: sysalt@xxxxxxxxxxxx
mnt-by: GALACTICA-NOC
changed: sysalt@xxxxxxxxxxxx 19980926
changed: sysalt@xxxxxxxxxxxx 19990514
source: RIPE
Traceroute 213.167.206.222
This end is where samspade.org lives
1 206.117.161.1 (206.117.161.1) 0.541 ms 0.823 ms
2 isi-acg.ln.net (130.152.136.1) 2.396 ms 2.333 ms
3 usc-isi-atm.ln.net (130.152.128.2) 3.837 ms 3.773 ms
4 fa-0-0-0.a01.lsanca01.us.ra.verio.net (209.189.66.65) 34.214 ms 4.424 ms
5 ge-5-0.r01.lsanca01.us.bb.verio.net (129.250.29.142) 4.224 ms 4.331 ms
6 p4-6-0-0.r00.lsanca01.us.bb.verio.net (129.250.2.205) 5.590 ms 10.439 ms
7 p4-1-3-0.r01.snjsca03.us.bb.verio.net (129.250.2.113) 12.675 ms 12.675 ms
8 p4-1-0.r00.snjsca03.us.bb.verio.net (129.250.2.225) 12.315 ms 12.460 ms
9 p4-0-1-0.r00.scrmca01.us.bb.verio.net (129.250.3.34) 15.515 ms *
10 uunet.r00.scrmca01.us.bb.verio.net (129.250.9.98) 31.234 ms 19.464 ms
11 174.at-5-0-0.XR2.SAC1.ALTER.NET (152.63.52.94) 18.857 ms 19.762 ms
12 184.at-2-1-0.TR2.SAC1.ALTER.NET (152.63.50.150) 19.986 ms 19.980 ms
13 127.at-5-0-0.IR2.NYC9.ALTER.NET (152.63.2.221) 89.251 ms 89.500 ms
14 so-1-0-0.IR2.NYC12.ALTER.NET (152.63.23.70) 90.613 ms 93.439 ms
15 SO-2-0-0.IR1.NYC12.Alter.Net (146.188.8.177) 90.845 ms 89.444 ms
16 * SO-5-0-0.IR1.DCA4.Alter.Net (146.188.5.245) 82.430 ms
17 SO-7-0-0.IR2.DCA4.Alter.Net (146.188.11.226) 85.694 ms *
18 * SO-5-0-0.TR2.LND9.Alter.Net (146.188.8.174) 161.637 ms
19 SO-2-0-0.TR1.LND9.Alter.Net (146.188.15.25) 162.51 ms 161.632 ms
20 SO-5-0-0.TR1.PAR2.Alter.Net (146.188.8.165) 169.134 ms 169.744 ms
21 199.ATM1-0-0.CR2.MLN2.Alter.Net (146.188.5.66) 208.906 ms 209.338 ms
22 POS4-0-0.CR2.MLN4.Alter.Net (146.188.3.102) 207.967 ms *
23 312.ATM5-0-0.GW3.MLN4.Alter.Net (146.188.12.118) 196.975 ms 197.944 ms
24 Galactica-gw2.customer.ALTER.NET (146.188.37.254) 212.550 ms 245.271 ms
25 02.as58b.flat.mi.galactica.it (212.41.192.48) 199.423 ms 210.761 ms
26 213.167.206.222 (213.167.206.222) 313.707 ms *
This end is where the people you're tracerouting to live
Send the admins an email with the subject: "Please Stop your Members
from Hacking our Computer"
Include all the details of the attack, such as attacker's IP and hostname,
the destination port, protocol, your time zone, date, and destination
IP.
Plus, if you use Psionic's Portsentry, there is an automated script that
zaps the admins automatically with an email detailing the attack.
--
James Hoaggs
james_hoaggs@xxxxxxxxxx | (408) 380-2271 x8024
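
Added example, not part of the original message: a sketch of collecting the report details listed above (source IP and hostname, destination IP and port, date, time zone) from Apache access-log lines that request /cgi-bin/phf. The function names, the 192.0.2.10 destination address and the second and third sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import unquote

# Apache common/combined log format, as in the line quoted in the thread.
LOG_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" (?P<status>\d{3})\b'
)
# Paths to flag; /cgi-bin/phf is the one from the thread (extend per site).
PROBE_PATHS = ("/cgi-bin/phf",)

# Sample input: the first line is from the thread, the other two are constructed.
SAMPLE = [
    '213.167.206.222 - - [15/Oct/2000:08:59:08 +0100] "GET /cgi-bin/phf HTTP/1.0" 302 216 "-" "-"',
    '198.51.100.7 - - [15/Oct/2000:09:01:44 +0100] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.7"',
    '203.0.113.9 - - [15/Oct/2000:23:30:00 -0500] "GET /cgi-bin/ph%66 HTTP/1.0" 404 210 "-" "-"',
]

def parse_probe(line):
    """Return report fields for a request to a flagged path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode %xx so encoded variants still match.
    path = unquote(m["path"].split("?", 1)[0])
    if path not in PROBE_PATHS:
        return None
    # %b expects English month abbreviations, which is what Apache writes.
    local = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "source_ip": m["src"],
        "local_time": local.isoformat(),  # keeps the server's UTC offset
        "utc_time": local.astimezone(timezone.utc).isoformat(),
        "request": f'{m["method"]} {m["path"]}',
        "status": int(m["status"]),
    }

def abuse_report(lines, dest_ip, dest_port=80, hostnames=None):
    """Build a plain-text report body; hostnames maps source IP -> reverse DNS."""
    hostnames = hostnames or {}
    hits = [h for h in map(parse_probe, lines) if h]
    if not hits:
        return None
    out = [f"Destination IP: {dest_ip}", f"Destination port: {dest_port}/tcp (HTTP)"]
    for h in hits:
        host = hostnames.get(h["source_ip"], "no reverse DNS recorded")
        out.append(f'{h["utc_time"]} (server local {h["local_time"]}) '
                   f'{h["source_ip"]} [{host}] "{h["request"]}" -> {h["status"]}')
    return "\n".join(out)

if __name__ == "__main__":
    print(abuse_report(SAMPLE, "192.0.2.10"))  # 192.0.2.10 is a placeholder
```

The third sample line shows why the time zone belongs in the report: 23:30 at -0500 falls on the next calendar day in UTC.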