
[Moked Req #10336] Security alert (fwd)




As sent to the iix-peers list

It has come to our attention (which will most probably be reported in the
newspapers tomorrow), that an intensive attack has been mounted against all
Israeli hosts from abroad.  The attacking site is always beirut.leb.net
(206.127.55.2).  This is a Linux system located in Texas run by Lebanese
students/hackers.  These attacks have been going on for at least a month but
have intensified over the past 2-3 days.  At one site, a Checkpoint
Firewall-1 system was bypassed and the log turned off after compromise.  The
sites attacked are hi-tech companies and banks (those that are known so far).

It is recommended that all Israeli ISPs place inbound filters on their
international router to block access from this IP address.  It is also
recommended to inform all your leased line and web clients.  Based on
analysis of Comsec and Publicom (two companies called in to handle the
damage after the fact), the attacks are intense, and of a high level.

If you know of, or learn of any attacks from this system, please send me e-mail.

Thanks,
Hank Nussbacher
ISOC-IL Board member

Attached is the Internic & ARIN info:

Lebanese Networks (LEB-DOM)
   509 Nagle, Suite 303
   College Station, TX 77840
   us

   Domain Name: LEB.NET

   Administrative Contact:
      Medawar, Bassem  (BM342)  medawar@LEB.NET medawar@LEB.NET
      (212)691-0855 (FAX) (212)691-0855
   Technical Contact, Zone Contact:
      Ido, Haisam  (HI71)  idoh@CAIS.COM
      (202) 537-5064
   Billing Contact:
      Khalil, Alex  (AK80)  iskandar@EE.TAMU.EDU iskandar@LEB.NET
      (409) 845-7440

   Record last updated on 08-Oct-98.
   Record created on 23-Aug-94.
   Database last updated on 22-Oct-98 05:46:29 EDT.

   Domain servers in listed order:

   NS.LEB.NET			206.127.55.2
   NS.DOLEH.COM			192.231.91.1

The Dorsai Embassy (NETBLK-NET-DORSAI)
   38-62 11th
   Long Island city, NY 11101
   US

   Netname: DORSAI-BLK
   Netblock: 206.127.32.0 - 206.127.63.0
   Maintainer: DORS

   Coordinator:
      Rawls, Charles  (CR188-ARIN)  crawls@DORSAI.ORG
      718) 392-3667

   Domain System inverse mapping provided by:

   NS1.DORSAI.ORG		206.127.32.33
   NS2.DORSAI.ORG		206.127.32.34