Re: [cobalt-users] hack attack?
- Subject: Re: [cobalt-users] hack attack?
- From: "Filiberto Ricci" <filiberto@xxxxxxxxx>
- Date: Wed Nov 22 14:05:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I'm a customer of Galactica.
If you need help to contact them just mail me.
Filiberto
----- Original Message -----
From: "James Hoaggs" <james_hoaggs@xxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, November 22, 2000 8:32 PM
Subject: Re: [cobalt-users] hack attack?
> > > Just found this lot in my log file for the main domain for my site:
> > >
> > > 213.167.206.222 - - [15/Oct/2000:08:59:08 +0100] "GET /cgi-bin/phf HTTP/1.0" 302 216 "-" "-"
> >
> > <SNIP>
> >
> > > Anybody got any pointers?
>
> SamSpade.org reveals about 213.167.206.222 :
>
> IP block lookup for 213.167.206.222
>
> whois -h whois.arin.net 213.167.206.222
>
> ARIN redirects us to RIPE
>
> whois -h whois.ripe.net 213.167.206.222
>
> % Rights restricted by copyright. See http://www.ripe.net/ripencc/pub-services/db/copyright.html
>
> inetnum: 213.167.192.0 - 213.167.210.255
> netname: GALACTICA
> descr: GALACTICA S.p.A.
> descr: Internet Service Provider
> country: IT
> admin-c: LP187-RIPE
> tech-c: AG1488-RIPE
> status: ASSIGNED PA
> notify: sysalt@xxxxxxxxxxxx
> notify: fabrizio.bruzzese@xxxxxxxxxxxx
> mnt-by: GALACTICA-NOC
> changed: fabrizio.bruzzese@xxxxxxxxxxxx 20000906
> source: RIPE
>
> route: 213.167.192.0/19
> descr: GALACTICA S.p.A.
> descr: Internet Service Provider
> origin: AS8974
> notify: sysalt@xxxxxxxxxxxx
> mnt-by: GALACTICA-NOC
> changed: sysalt@xxxxxxxxxxxx 20000517
> source: RIPE
>
> person: Lorenzo Podesta'
> address: Galactica S.p.A.
> address: Via Tonale, 26
> address: 20125 Milano
> address: Italy
> phone: +39 02 676201
> fax-no: +39 02 67076401
> e-mail: lorenzo.podesta@xxxxxxxxxxxx
> nic-hdl: LP187-RIPE
> notify: lorenzo.podesta@xxxxxxxxxxxx
> mnt-by: GALACTICA-NOC
> changed: hostmaster@xxxxxx 19980916
> changed: hostmaster@xxxxxx 19981015
> changed: sysalt@xxxxxxxxxxxx 19990514
> source: RIPE
>
> person: Antonino Giannetto
> address: GALACTICA S.p.A.
> address: Via Tonale, 26
> address: 20125, Milano
> address: Italy
> phone: +39 02 676201
> fax-no: +39 02 67076401
> e-mail: sysalt@xxxxxxxxxxxx
> nic-hdl: AG1488-RIPE
> notify: sysalt@xxxxxxxxxxxx
> mnt-by: GALACTICA-NOC
> changed: sysalt@xxxxxxxxxxxx 19980926
> changed: sysalt@xxxxxxxxxxxx 19990514
> source: RIPE
>
>
>
> Traceroute 213.167.206.222
>
> This end is where samspade.org lives
>
> 1 206.117.161.1 (206.117.161.1) 0.541 ms 0.823 ms
> 2 isi-acg.ln.net (130.152.136.1) 2.396 ms 2.333 ms
> 3 usc-isi-atm.ln.net (130.152.128.2) 3.837 ms 3.773 ms
> 4 fa-0-0-0.a01.lsanca01.us.ra.verio.net (209.189.66.65) 34.214 ms 4.424 ms
> 5 ge-5-0.r01.lsanca01.us.bb.verio.net (129.250.29.142) 4.224 ms 4.331 ms
> 6 p4-6-0-0.r00.lsanca01.us.bb.verio.net (129.250.2.205) 5.590 ms 10.439 ms
> 7 p4-1-3-0.r01.snjsca03.us.bb.verio.net (129.250.2.113) 12.675 ms 12.675 ms
> 8 p4-1-0.r00.snjsca03.us.bb.verio.net (129.250.2.225) 12.315 ms 12.460 ms
> 9 p4-0-1-0.r00.scrmca01.us.bb.verio.net (129.250.3.34) 15.515 ms *
> 10 uunet.r00.scrmca01.us.bb.verio.net (129.250.9.98) 31.234 ms 19.464 ms
> 11 174.at-5-0-0.XR2.SAC1.ALTER.NET (152.63.52.94) 18.857 ms 19.762 ms
> 12 184.at-2-1-0.TR2.SAC1.ALTER.NET (152.63.50.150) 19.986 ms 19.980 ms
> 13 127.at-5-0-0.IR2.NYC9.ALTER.NET (152.63.2.221) 89.251 ms 89.500 ms
> 14 so-1-0-0.IR2.NYC12.ALTER.NET (152.63.23.70) 90.613 ms 93.439 ms
> 15 SO-2-0-0.IR1.NYC12.Alter.Net (146.188.8.177) 90.845 ms 89.444 ms
> 16 * SO-5-0-0.IR1.DCA4.Alter.Net (146.188.5.245) 82.430 ms
> 17 SO-7-0-0.IR2.DCA4.Alter.Net (146.188.11.226) 85.694 ms *
> 18 * SO-5-0-0.TR2.LND9.Alter.Net (146.188.8.174) 161.637 ms
> 19 SO-2-0-0.TR1.LND9.Alter.Net (146.188.15.25) 162.51 ms 161.632 ms
> 20 SO-5-0-0.TR1.PAR2.Alter.Net (146.188.8.165) 169.134 ms 169.744 ms
> 21 199.ATM1-0-0.CR2.MLN2.Alter.Net (146.188.5.66) 208.906 ms 209.338 ms
> 22 POS4-0-0.CR2.MLN4.Alter.Net (146.188.3.102) 207.967 ms *
> 23 312.ATM5-0-0.GW3.MLN4.Alter.Net (146.188.12.118) 196.975 ms 197.944 ms
> 24 Galactica-gw2.customer.ALTER.NET (146.188.37.254) 212.550 ms 245.271 ms
> 25 02.as58b.flat.mi.galactica.it (212.41.192.48) 199.423 ms 210.761 ms
> 26 213.167.206.222 (213.167.206.222) 313.707 ms *
>
> This end is where the people you're tracerouting to live
>
> Send the admins an email with the subject: "Please Stop your Members
> from Hacking our Computer"
> Include all the details of the attack, such as attacker's IP and hostname,
> the destination port, protocol, your time zone, date, and destination
> IP.
> Plus if you use Psionic's Portsentry, there is an automated script that
> zaps the admins automatically with an email detailing the attack.
> --
> James Hoaggs
> james_hoaggs@xxxxxxxxxx | (408) 380-2271 x8024
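
Added example, not part of the original thread: a small Python script that picks requests for /cgi-bin/phf out of an Apache combined-format access log and lays out the details the quoted reply says to include in an abuse mail (source IP, date with time zone, destination IP, port, protocol). The destination address 192.0.2.10, port 80 and the second sample log line are constructed placeholders; the attacker's hostname is left out because it needs a DNS lookup.

```python
import re
from datetime import datetime

# Apache combined log format, as in the log line quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths treated as probes. /cgi-bin/phf is the one from the thread;
# extend the set for your own site.
PROBE_PATHS = {"/cgi-bin/phf"}

def find_probes(lines):
    """Return one dict per log line that requests a known probe path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path in PROBE_PATHS:
            when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append({"src_ip": m["ip"], "when": when,
                         "request": f'{m["method"]} {m["path"]}',
                         "status": int(m["status"])})
    return hits

def abuse_report(hits, dst_ip, dst_port=80, protocol="TCP/HTTP"):
    """Format the details the thread says to include in an abuse mail."""
    out = [f"Destination IP: {dst_ip}", f"Destination port: {dst_port}",
           f"Protocol: {protocol}", ""]
    for h in hits:
        out.append(f'{h["when"].isoformat()} (UTC offset {h["when"]:%z}) '
                   f'src={h["src_ip"]} "{h["request"]}" -> {h["status"]}')
    return "\n".join(out)

SAMPLE = [
    # First entry is the line quoted in the thread; the second is constructed.
    '213.167.206.222 - - [15/Oct/2000:08:59:08 +0100] '
    '"GET /cgi-bin/phf HTTP/1.0" 302 216 "-" "-"',
    '198.51.100.7 - - [15/Oct/2000:09:01:12 +0100] '
    '"GET /index.html HTTP/1.0" 200 1043 "-" "-"',
]

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for your server.
    print(abuse_report(find_probes(SAMPLE), dst_ip="192.0.2.10"))
```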