[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Moked Req #10336] Security alert (fwd)
As sent to te iix-peers list
It has come to our attention (which will most probably be reported in the
newspapers tomorrow), that an intensive attack has been mounted against all
Israeli hosts from abroad. The attacking site is always beirut.leb.net
(206.127.55.2). This is a Linux system located in Texas run by Lebanese
students/hackers. These attacks have been going on for at least a month but
have intensified over the past 2-3 days. At one site, a Checkpoint
Firewall-1 system was bypassed and the log turned off after compromise. The
sites attacked are hi-tech companies and banks (those that are known so far).
It is recommended that all Israeli ISPs place inbound filters on their
international router to block access from this IP address. It is also
recommended to inform all your leased line and web clients. Based on
analysis of Comsec and Publicom (two companies called in to handle the
damage after the fact), the attacks are intense, and of a high level.
If you know of, or learn of any attacks from this system, please send me e-mail.
Thanks,
Hank Nussbacher
ISOC-IL Board member
Attached is the Internic & ARIN info:
Lebanese Networks (LEB-DOM)
509 Nagle, Suite 303
College Station, TX 77840
us
Domain Name: LEB.NET
Administrative Contact:
Medawar, Bassem (BM342) medawar@LEB.NET medawar@LEB.NET
(212)691-0855 (FAX) (212)691-0855
Technical Contact, Zone Contact:
Ido, Haisam (HI71) idoh@CAIS.COM
(202) 537-5064
Billing Contact:
Khalil, Alex (AK80) iskandar@EE.TAMU.EDU iskandar@LEB.NET
(409) 845-7440
Record last updated on 08-Oct-98.
Record created on 23-Aug-94.
Database last updated on 22-Oct-98 05:46:29 EDT.
Domain servers in listed order:
NS.LEB.NET 206.127.55.2
NS.DOLEH.COM 192.231.91.1
The Dorsai Embassy (NETBLK-NET-DORSAI)
38-62 11th
Long Island city, NY 11101
US
Netname: DORSAI-BLK
Netblock: 206.127.32.0 - 206.127.63.0
Maintainer: DORS
Coordinator:
Rawls, Charles (CR188-ARIN) crawls@DORSAI.ORG
718) 392-3667
Domain System inverse mapping provided by:
NS1.DORSAI.ORG 206.127.32.33
NS2.DORSAI.ORG 206.127.32.34