10-29-2006, 12:36 PM
SplitInfinity
Confirmed User
 
Join Date: Dec 2002
Location: San Diego, CA
Posts: 3,047
Posted to NANOG about this issue since SAGO like to ignore their abuse:


65.110.62.120

Sagonet,

We have a serious hacker here who is ACTIVELY engaged in logins
on our network (have him in a honeypot at the moment). He is running exploits from your network and
also I have been hearing from others that you have been notified of this
a few times yet have done nothing about it. Can we get someone to handle
this immediately please?

This hacker has rooted at least 35 servers on a friend's network (friendly competitor) and now he's scanning ours...

This is what was said by my friend after contacting you guys about this:
"Good... They will not listen... I have provided them logs, screen shots, etc..."

Additionally, I would LOVE to know what is on that server... this guy is
not to be taken lightly, he is VERY methodical and patient. He's probably
owning your network too.

[root@mail /home]# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:21 0.0.0.0 LISTEN
tcp 0 0 :::38300 :: LISTEN
tcp 0 0 ::ffff:66.11.112.15:38300 ::ffff:65.110.62.120:59979 ESTABLISHED
ESTABLISHED
posted to nanog