
Re: [Moked Req #10336] Security alert (fwd)



  
  This must be a joke.

  I am the admin at leb.net and one of our users is using queso [which
was mentioned on this list two weeks ago] to gather a rather complete
O/S survey at http://members.tripod.com/~hzo/osi_counter/

  The survey is popular among Linuxers because it proves that Linux
is the Internet O/S of choice.

  I guess the only step for the moment is to take all .il hosts from the 
survey and erase Israel from that map.

  Mistaking queso for an "intensive attack" that had "a Checkpoint
Firewall-1 system [..] bypassed and the log turned off after compromise"
is interesting.
  If this is "reported in the newspapers tomorrow", it will be a major
embarrassment for the Israeli company that wrote Checkpoint: imagine
being turned off remotely by an innocent public domain O/S survey.

  Well, this is going to be unusual.

alex





On Thu, Oct 22, 1998 at 11:06:13PM +0200, Asher Frenkel wrote:
>
>As sent to the iix-peers list
>
>It has come to our attention (which will most probably be reported in the
>newspapers tomorrow), that an intensive attack has been mounted against all
>Israeli hosts from abroad.  The attacking site is always beirut.leb.net
>(206.127.55.2).  This is a Linux system located in Texas run by Lebanese
>students/hackers.  These attacks have been going on for at least a month but
>have intensified over the past 2-3 days.  At one site, a Checkpoint
>Firewall-1 system was bypassed and the log turned off after compromise.  The
>sites attacked are hi-tech companies and banks (those that are known so far).
>
>It is recommended that all Israeli ISPs place inbound filters on their
>international router to block access from this IP address.  It is also
>recommended to inform all your leased line and web clients.  Based on
>analysis of Comsec and Publicom (two companies called in to handle the
>damage after the fact), the attacks are intense, and of a high level.
>
>If you know of, or learn of any attacks from this system, please send me e-mail.
>
>Thanks,
>Hank Nussbacher
>ISOC-IL Board member
>
>Attached is the Internic & ARIN info:
>
>Lebanese Networks (LEB-DOM)
>   509 Nagle, Suite 303
>   College Station, TX 77840
>   us
>
>   Domain Name: LEB.NET
>
>   Administrative Contact:
>      Medawar, Bassem  (BM342)  medawar@LEB.NET medawar@LEB.NET
>      (212)691-0855 (FAX) (212)691-0855
>   Technical Contact, Zone Contact:
>      Ido, Haisam  (HI71)  idoh@CAIS.COM
>      (202) 537-5064
>   Billing Contact:
>      Khalil, Alex  (AK80)  iskandar@EE.TAMU.EDU iskandar@LEB.NET
>      (409) 845-7440
>
>   Record last updated on 08-Oct-98.
>   Record created on 23-Aug-94.
>   Database last updated on 22-Oct-98 05:46:29 EDT.
>
>   Domain servers in listed order:
>
>   NS.LEB.NET			206.127.55.2
>   NS.DOLEH.COM			192.231.91.1
>
>The Dorsai Embassy (NETBLK-NET-DORSAI)
>   38-62 11th
>   Long Island city, NY 11101
>   US
>
>   Netname: DORSAI-BLK
>   Netblock: 206.127.32.0 - 206.127.63.0
>   Maintainer: DORS
>
>   Coordinator:
>      Rawls, Charles  (CR188-ARIN)  crawls@DORSAI.ORG
>      718) 392-3667
>
>   Domain System inverse mapping provided by:
>
>   NS1.DORSAI.ORG		206.127.32.33
>   NS2.DORSAI.ORG		206.127.32.34
>
>