Old 12-22-2007, 02:19 PM  
jcsike
Quote:
Originally Posted by milan
After many MANY emails and VMs I will post what OC3 Networks discovered back in October after a routine audit of 2 of our clients' security.

We know this issue has existed since mid Aug 2007, secured our customers and blocked the intruder IPs from any access to our network.

We posted the thread http://www.gfy.com/showthread.php?t=779742 and got some lawsuit threat to sue us that we could have cared less… BUT when our customers that we tracked the breach on their servers got threats as well and requested us to NOT come out public with it, we honored their request.


I've been involved with a high number of NATS clients and have found the following to be true:
*) Changing all admin level account passwords stops the intruder. He still attempts to login, but in vain.
*) As soon as TMM has admin access to NATS the intruder is back. Sometimes the same day.
*) Intruder is using an automation script that dumps the NATS members list. In some cases he is doing this every hour on the hour.

*) NATS was vulnerable to SQL injection attacks. I haven't investigated whether it still is.


P.S. I'm hearing that there is a backdoor that TMM can use to get into your NATS, but I haven't investigated so it's speculation. Only reason I even mention this is because NATS is encrypted and you don't know. I'm not interested in decrypting NATS just to find out. There are other ways. I hope this isn’t true.

Of course there is a backdoor with NATS. How else do they know what their customers' plan levels are to bill them? The question is what other information gets passed.
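The quoted post describes an automation script dumping the members list "every hour on the hour". The following is an added example, not part of either post and not NATS code, showing one way a site operator could flag that pattern in an admin audit log. The log format, the `members_export` action name, the account names and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "<ISO timestamp> <source IP> <admin account> <action>"
SAMPLE_LOG = """\
2007-12-20T01:00:03 203.0.113.7 admin1 members_export
2007-12-20T02:00:02 203.0.113.7 admin1 members_export
2007-12-20T03:00:04 203.0.113.7 admin1 members_export
2007-12-20T04:00:02 203.0.113.7 admin1 members_export
2007-12-20T05:00:03 203.0.113.7 admin1 members_export
2007-12-20T09:13:55 198.51.100.20 owner login_ok
2007-12-20T09:14:10 198.51.100.20 owner members_export
2007-12-20T11:47:52 198.51.100.20 owner members_export
2007-12-20T16:03:31 198.51.100.20 owner members_export
2007-12-20T16:20:05 198.51.100.20 owner members_export
"""

def parse(log):
    """Yield (timestamp, ip, account, action) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, ip, account, action = parts
            yield datetime.fromisoformat(ts), ip, account, action

def scheduled_exports(log, action="members_export", min_hits=4,
                      max_jitter=60, max_offset=120):
    """Return {(ip, account): mean gap in seconds} for sources whose exports
    recur at a near-constant interval and land close to the top of the hour."""
    hits = defaultdict(list)
    for ts, ip, account, act in parse(log):
        if act == action:
            hits[(ip, account)].append(ts)
    flagged = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Distance of each hit from the nearest hour boundary, in seconds.
        offsets = [min(s, 3600 - s) for s in (t.minute * 60 + t.second for t in times)]
        # Scripted jobs show low variance between gaps; humans do not.
        if pstdev(gaps) <= max_jitter and max(offsets) <= max_offset:
            flagged[key] = round(mean(gaps))
    return flagged

if __name__ == "__main__":
    for (ip, account), gap in scheduled_exports(SAMPLE_LOG).items():
        print(f"scheduled export: {account} from {ip}, every ~{gap}s")
```

A flagged account is a candidate for the password change described in the quoted post, followed by a review of who holds admin-level access.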