RE: [cobalt-security] Hacked?
- Subject: RE: [cobalt-security] Hacked?
- From: "Graeme Fowler" <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Thu, 26 Sep 2002 18:36:13 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
David Smulsky wrote:
> Next, if you really think he's an intruder, go for the source,
> find an admin, or an ISP admin that hosts mump.bestiary.com
Careful here, since that's simply the PTR record for the IP address 204.225.173.21. It's perfectly feasible, extremely easy and all-too-common for PTR records to be out-of-date, misleading, or downright untruths.
In this case, the contact details for the netblock are:
OrgName: Mountain Lake Software Corporation
OrgID: MLSC-1
NetRange: 204.225.173.0 - 204.225.173.255
CIDR: 204.225.173.0/24
NetName: MTNNET
NetHandle: NET-204-225-173-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Assignment
NameServer: NS.TAPSCOTT.COM
NameServer: GEAR.TORQUE.NET
NameServer: NS3.TORQUE.NET
Comment:
RegDate: 1995-01-10
Updated: 1999-04-06
TechHandle: NA12-ORG-ARIN
TechName: Network Administrator
TechPhone: +1-416-367-7300
TechEmail: netadmin@xxxxxxxxxxxx
and for the domain 'bestiary.net':
Administrative Contact:
Pete Bevin
Pete Bevin
65 Empire Ave.
Toronto, ON M4M2L3
CA
Phone: (416) 461-5871
Email: moose@xxxxxxxxxxxx
Well, look. The area code's the same. You'll be needing to contact either of the two listed above, and explain that MUMP.BESTIARY.NET is possibly cracked, or at the very least being misused. If they're the ones being the bad person, they'll soon back off. If however they're simply innocent bystanders and their machine has been broken into, you can walk off safe in the knowledge that you've just done your bit to secure their network. Especially as it's one of their primary nameservers. There, ain't that a nice warm feeling? :)
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC
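
Added example, not part of the original message: a forward-confirmed reverse DNS check, illustrating the point above that a PTR name on its own is only a claim made by whoever controls the reverse zone. The sample records use constructed documentation addresses and names, and check_ptr, check_sample and the helper names are hypothetical.

```python
import socket

def ptr_names(ip):
    """Reverse lookup: names published by whoever runs the IP's reverse zone."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_addrs(name):
    """Forward lookup: addresses published by whoever runs the name's zone."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_ptr(ip, reverse=ptr_names, forward=forward_addrs):
    """Return (status, names): 'confirmed', 'unconfirmed' or 'no-ptr'.

    A PTR is confirmed only when one of its names resolves back to the
    same IP. Anything else is stale, misleading or simply untrue, and
    the netblock whois is the better source for an abuse contact.
    """
    names = reverse(ip)
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names if ip in forward(n)]
    return ("confirmed" if confirmed else "unconfirmed"), (confirmed or names)

# Constructed sample records (documentation ranges, not taken from the thread).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.net"],    # forward record agrees
    "192.0.2.66": ["www.example.org"],     # name actually points elsewhere
    "198.51.100.7": ["gone.example.com"],  # name no longer resolves
}
SAMPLE_A = {
    "mail.example.net": {"192.0.2.10"},
    "www.example.org": {"203.0.113.5"},
}

def check_sample(ip):
    """Run check_ptr against the constructed records instead of live DNS."""
    return check_ptr(ip, lambda i: SAMPLE_PTR.get(i, []),
                     lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "192.0.2.99"):
        print(ip, *check_sample(ip))
```

Calling check_ptr(ip) with no other arguments uses the system resolver; an "unconfirmed" result means the name in the logs should not be used to decide who to contact.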