[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[hzo@goldfish.cube.net: "Hack attack" is no hack but a survey about operating systems]



  From the O/S surveyor whose work was describe in a moment of haste
as an "attack".

  The survey is available at http://leb.net/hzo

----- Forwarded message from Hans Zoebelein <hzo@goldfish.cube.net> -----

Date: Fri, 23 Oct 1998 04:08:05 +0200 (CEST)
From: Hans Zoebelein <hzo@goldfish.cube.net>
To: Yehavi Bourvine <yehavi@VMS.HUJI.AC.IL>,
        Doron Shikmoni <p85025@VM.BIU.AC.IL>,
        Simon Shickman <simon@CC.HUJI.AC.IL>,
        Morton Taragin <VSMORTY@WEIZMANN.weizmann.ac.il>,
        Hank Nussbacher <hank@taunivm.tau.ac.il>,
        Dov Winer <dovw@MOFET.MACAM98.AC.IL>
cc: support@leb.net, alex khalil <iskandar@ee.tamu.edu>, crawls@DORSAI.ORG
Subject: "Hack attack" is no hack but a survey about operating systems
In-Reply-To: <19981023002358.B10361@beirut.leb.net>

Hi, 

the sysadmin of leb.net emailed me urgently that you suspect a hack
attack which should  origin from leb.net servers.  

Be assured that this is not the case. I'm doing a survey about operating
system usage on the Internet. This survey builds statistics, which
operating systems are running on servers connected to the Internet. 

To find this out, IP packets are sent to servers and answer packets are
evaluated. For results, please check out http://www.leb.net/~hzo/ which
holds the September '98 results.

To each server 2x 7 packets were sent which are totally harmless and the
answers were evaluated. The principle is available for further
evaluation at http://www.apostols.org/projectz/queso 

To prevent any further irritation, servers of the .il domain will be
removed from further surveys and will therefore not shine up any longer in
the survey which covers all the European domains.    

Best Regards
Hans 

<zocki@leb.net>
<hzo@gmx.de>
<hzo@goldfish.cube.net>


-- 
blinux == support for the Linux user who is blind.
blinux == http://www.hzo.cubenet.de/blinux/
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -
ios++  == Internet Operating System Counter.
ios++  == http://www.hzo.cubenet.de/ioscount/

On Fri, 23 Oct 1998, alex khalil wrote:

> 
> ----------------------------
> 
> 
> It has come to our attention (which will most probably be reported in the
> newspapers tomorrow), that an intensive attack has been mounted against all
> Israeli hosts from abroad.  The attacking site is always beirut.leb.net
> (206.127.55.2).  This is a Linux system located in Texas run by Lebanese
> students/hackers.  These attacks have been going on for at least a month but
> have intensified over the past 2-3 days.  At one site, a Checkpoint
> Firewall-1 system was bypassed and the log turned off after compromise.  The
> sites attacked are hi-tech companies and banks (those that are known so far).
> 
> It is recommended that all Israeli ISPs place inbound filters on their
> international router to block access from this IP address.  It is also
> recommended to inform all your leased line and web clients.  Based on
> analysis of Comsec and Publicom (two companies called in to handle the
> damage after the fact), the attacks are intense, and of a high level.
> 
> If you know of, or learn of any attacks from this system, please send me e-mail.
> 
> Thanks,
> Hank Nussbacher
> ISOC-IL Board member
> 
> Attached is the Internic & ARIN info:
> 
> Lebanese Networks (LEB-DOM)
>    509 Nagle, Suite 303
>    College Station, TX 77840
>    us
> 
>    Domain Name: LEB.NET
> 
>    Administrative Contact:
>       Medawar, Bassem  (BM342)  medawar@LEB.NET medawar@LEB.NET
>       (212)691-0855 (FAX) (212)691-0855
>    Technical Contact, Zone Contact:
>       Ido, Haisam  (HI71)  idoh@CAIS.COM
>       (202) 537-5064
>    Billing Contact:
>       Khalil, Alex  (AK80)  iskandar@EE.TAMU.EDU iskandar@LEB.NET
>       (409) 845-7440
> 
>    Record last updated on 08-Oct-98.
>    Record created on 23-Aug-94.
>    Database last updated on 22-Oct-98 05:46:29 EDT.
> 
>    Domain servers in listed order:
> 
>    NS.LEB.NET			206.127.55.2
>    NS.DOLEH.COM			192.231.91.1
> 
> The Dorsai Embassy (NETBLK-NET-DORSAI)
>    38-62 11th
>    Long Island city, NY 11101
>    US
> 
>    Netname: DORSAI-BLK
>    Netblock: 206.127.32.0 - 206.127.63.0
>    Maintainer: DORS
> 
>    Coordinator:
>       Rawls, Charles  (CR188-ARIN)  crawls@DORSAI.ORG
>       718) 392-3667
> 
>    Domain System inverse mapping provided by:
> 
>    NS1.DORSAI.ORG		206.127.32.33
>    NS2.DORSAI.ORG		206.127.32.34
> 
> 
> 
> ----- End forwarded message -----
> 

----- End forwarded message -----