[unisog] Cleaning up those networks

J. Oquendo sil at infiltrated.net
Tue Feb 20 17:50:06 GMT 2007


Greetings all. For those whom I've dealt with before, many thanks for the 
help you'd given. For the past three months I've been compiling 
information from hosts that have been brute force ssh attacking servers 
that are running a program I have written called "Sharpener" 
(http://www.infiltrated.net/scripts/sharpener). I have sorted out the 
information and traced back those IP addresses that fall under 
Academialand and have compiled the following list of Universities which 
have possibly compromised machines.

Rather than post those addresses (to avoid having misguided individuals 
who may be on this list), I am posting the Universities in hopes 
admins/engineers of these institutions will contact me back for the 
information on the host that is attacking, along with the date and 
timestamps of the attacks. My hopes are to minimize intrusions, malware, 
spyware, etc., and solely inform other engineers of issues coming out of 
their networks. I sincerely hope those contacted will assist. The entire 
list of attacking IP addresses is in the 47k range with 38 hosts 
reporting on a 5-minute basis to a repository I've set up. Here are the 
Universities.

Some folks may have been contacted already, so apologies in advance. I 
will give the Universities 15 business days to respond; for those that 
don't, they will continue to be listed as threats and their networks will 
be blocked from 38 individual networks, 8 of which are /17s. For those 
who respond, I will promptly remove the addresses.

California State University at Fresno
Carnegie Mellon University
Carroll College
Emory University
Florida Atlantic University
Florida Information Resource Network
Georgia Institute of Technology
Gonzaga University
Howard University
Illinois Institute of Technology
Indiana University - Purdue University Fort
Louisiana State University
Marquette University
Massachusetts Institute of Technology
NTT America, Inc.
New York University
Ohio State University
Purdue University
SUNY College at Fredonia
San Diego County Office of Education
San Francisco State University
Stanford University
State University of New York at
Texas A&M University
The Drexel University Campus
Universite Laval
University of California, Los Angeles
University of Georgia
University of Illinois
University of Lethbridge
University of Massachusetts
University of Medicine and Dentistry of
University of Michigan
University of Missouri-Columbia
University of Mobile
University of Oklahoma
University of Pennsylvania
University of Puerto Rico
University of Rhode Island
University of Texas at Austin
University of Texas at San Antonio
University of Virginia
University of Washington
University of Wyoming
Vanderbilt University
Walla Walla College
Washington University
Westnet
York University


Respectfully,
Jesus Oquendo / sil

==========================
J. Oquendo
GPG Key http://www.infiltrated.net/sil.key
The happiness of society is the end of government.
John Adams