  1. #1
    Join Date
    May 2003
    Location
    Rome, GA
    Posts
    77

    A new scam or what?

    OK, I have gotten five emails telling me that my servers are attacking their systems. I'm sure that my boxes are clean, and this is BS,
    so I asked for the logs. This is what they sent.


    From: "Security Masters" <security@securitymasters.org>
    Date: Fri Dec 17, 2004 02:23:09 PM US/Eastern
    To: <ellery@dallas-computers.com>
    Cc: <abuse@ezzi.net>
    Subject: RE: Attack report

    Our apologies.
    We cut and pasted wrong.

    Best regards
    aron
    From: Ellery Durgin [mailto:ellery@dallas-computers.com]
    Sent: Friday, December 17, 2004 11:44 AM
    To: security@securitymasters.org
    CC: ellery@dallas-computers.com; abuse@ev1.net; abuse@dallas-computers.com;
    cust_service@ev1servers.net; support@ev1servers.net
    Subject: Re: Attack report

    This IP is not even in my range. Why do you think that I'm attacking your
    system? That server is in ezzi.

    -----Original Message-----
    From: Ellery Durgin [mailto:ellery@dallas-computers.com]
    Sent: Friday, December 17, 2004 11:44 AM
    To: security@securitymasters.org
    Somebody remains attacking my server.
    I send this log.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    > Authentication Failures:
    >
    > bin (66.199.234.202 ): 1 Time(s)
    > unknown (66.199.234.202 ): 20 Time(s)
    > root (66.199.234.202 ): 7 Time(s)
    >
    >
    > ---------------------- pam_unix End -------------------------
    >
    >

    >

    >
    > Failed logins from these:
    > alex/password from 66.199.234.202: 2 Time(s)
    > backup/password from 66.199.234.202: 1 Time(s)
    > bin/password from 66.199.234.202: 1 Time(s)
    > computer/password from 66.199.234.202: 1 Time(s)
    > info/password from 66.199.234.202: 2 Time(s)
    > jack/password from 66.199.234.202: 2 Time(s)
    > love/password from 66.199.234.202: 1 Time(s)
    > master/password from 66.199.234.202: 1 Time(s)
    > oracle/password from 66.199.234.202: 1 Time(s)
    > paul/password from 66.199.234.202: 2 Time(s)
    > root/password from 66.199.234.202: 7 Time(s)
    > slapme/password from 66.199.234.202: 1 Time(s)
    > student/password from 66.199.234.202: 1 Time(s)
    > user/password from 66.199.234.202: 1 Time(s)
    > valentin/password from 66.199.234.202: 1 Time(s)
    > webmaster/password from 66.199.234.202: 2 Time(s)
    > www/password from 66.199.234.202: 1 Time(s)
    >
    > **Unmatched Entries**
    > Illegal user slapme from 66.199.234.202
    > Illegal user oracle from 66.199.234.202
    > Illegal user www from 66.199.234.202
    > Illegal user master from 66.199.234.202
    > Illegal user info from 66.199.234.202
    > Illegal user backup from 66.199.234.202
    > Illegal user computer from 66.199.234.202
    > Illegal user webmaster from 66.199.234.202
    > Illegal user info from 66.199.234.202
    > Illegal user webmaster from 66.199.234.202
    > Illegal user jack from 66.199.234.202
    > Illegal user jack from 66.199.234.202
    > Illegal user student from 66.199.234.202
    > Illegal user user from 66.199.234.202
    > Illegal user alex from 66.199.234.202
    > Illegal user alex from 66.199.234.202
    > Illegal user paul from 66.199.234.202
    > Illegal user paul from 66.199.234.202
    > Illegal user valentin from 66.199.234.202
    > Illegal user love from 66.199.234.202
    > User root not allowed because not listed in AllowUsers
    >
    > ---------------------- SSHD End -------------------------
    >
    >
    >
    > ------------------ Disk Space --------------------
    >
    > Filesystem Size Used Avail Use% Mounted on
    > /dev/hda2 17G 6.6G 8.9G 43% /
    > /dev/hda1 198M 8.2M 180M 5% /boot
    > none 243M 0 243M 0% /dev/shm
    >
    >
    > ###################### LogWatch End #########################

    NeoTrace Trace Version 3.25 Results
    Target: dallas-computers.com
    Date: 12/17/2004 (Friday), 10:55:31 AM
    Nodes: 15


    Node Data
    Node Net Reg IP Address Location Node Name
    15 1 1 64.246.20.175 Unknown ev1s-64-246-20-175.ev1servers.net


    Packet Data
    Node High Low Avg Tot Lost
    15 270 51 53 57 1


    Network Data
    Network id#: 1

    OrgName: Everyones Internet, Inc.
    OrgID: EVRY
    Address: 2600 Southwest Freeway
    Address: Suite 500
    City: Houston
    StateProv: TX
    PostalCode: 77098
    Country: US

    NetRange: 64.246.0.0 - 64.246.63.255
    CIDR: 64.246.0.0/18
    NetName: EVRY-BLK-9
    NetHandle: NET-64-246-0-0-1
    Parent: NET-64-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS1.EV1.NET
    NameServer: NS2.EV1.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2001-10-05
    Updated: 2003-03-31

    TechHandle: RW172-ARIN
    TechName: Williams, Randy
    TechPhone: +1-713-400-5400
    TechEmail: admin@ev1.net

    OrgAbuseHandle: ABUSE477-ARIN
    OrgAbuseName: ABUSE
    OrgAbusePhone: +1-713-400-5400
    OrgAbuseEmail: abuse@ev1.net

    OrgNOCHandle: NOC1445-ARIN
    OrgNOCName: NOC
    OrgNOCPhone: +1-713-400-5400
    OrgNOCEmail: noc@ev1.net

    OrgTechHandle: RW172-ARIN
    OrgTechName: Williams, Randy
    OrgTechPhone: +1-713-400-5400
    OrgTechEmail: admin@ev1.net

    OrgTechHandle: VST3-ARIN
    OrgTechName: Stinson, Valarie
    OrgTechPhone: +1-713-400-5400
    OrgTechEmail: admin2@ev1.net

    ARIN WHOIS database, last updated 2004-12-16 19:10



    _____
    NeoTrace Copyright ©1997-2001 NeoWorx Inc

  2. #2
    Join Date
    Mar 2004
    Location
    Singapore
    Posts
    6,990
    Maybe it is some sysadmin overwhelmed by the attacks who started sending out to everyone. Just email him saying it's not your IP, or maybe give him a pointer or two on how to get the real admin.
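
The check the first poster made by eye, that the reported source address is not in his range, written out as an added example that is not part of the original thread: it parses LogWatch-style SSHD lines and tests each source IP against a netblock. The sample report is constructed from the quoted lines, `ACCUSED_NETWORKS` assumes the ARIN block shown in the WHOIS output, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the style of the LogWatch SSHD section quoted in the
# thread, including e-mail quote markers and a count wrapped onto its own line.
SAMPLE_REPORT = """\
> Failed logins from these:
> alex/password from 66.199.234.202:
2 Time(s)
> oracle/password from 66.199.234.202: 1 Time(s)
> root/password from 66.199.234.202: 7 Time(s)
> **Unmatched Entries**
> Illegal user oracle from 66.199.234.202
> Illegal user alex from 66.199.234.202
"""

# Assumption: the ARIN block from the thread's WHOIS output, which contains
# the accused server 64.246.20.175.
ACCUSED_NETWORKS = ["64.246.0.0/18"]

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"(\S+)/password from " + IP + r":\s*(\d+) Time\(s\)")
ILLEGAL = re.compile(r"Illegal user (\S+) from " + IP)

def summarize(report):
    """Per source IP: total failed logins, accounts tried, nonexistent accounts."""
    # Drop quote markers so a count wrapped onto the next line still matches.
    text = "\n".join(line.lstrip("> \t") for line in report.splitlines())
    stats = {}
    for user, ip, count in FAILED.findall(text):
        entry = stats.setdefault(ip, {"attempts": 0, "users": set(), "invalid": set()})
        entry["attempts"] += int(count)
        entry["users"].add(user)
    for user, ip in ILLEGAL.findall(text):
        entry = stats.setdefault(ip, {"attempts": 0, "users": set(), "invalid": set()})
        entry["invalid"].add(user)
    return stats

def triage(report, networks):
    """Flag each reported source IP as inside or outside the accused netblocks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    out = {}
    for ip, entry in summarize(report).items():
        addr = ipaddress.ip_address(ip)
        out[ip] = dict(entry, in_accused_range=any(addr in n for n in nets))
    return out
```

An address outside the block settles that the report was misdirected; an address inside a hosting provider's block only narrows it to that provider, not to a particular customer.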
