[unisog] Cleaning up those networks

John Lerchey lerchey at andrew.cmu.edu
Tue Feb 20 19:04:58 GMT 2007

I too would like to see what you have.  Please send me the Carnegie Mellon 
list directly.

Thank you,

John K. Lerchey
Assistant Director for Incident Response
Information Security Office
Carnegie Mellon University

On Tue, 20 Feb 2007, Brian Allen wrote:

> I'll take a look and see what you have.
> You might want to contact REN-ISAC because they notify universities all
> the time when they have infected machines.  They could get this info out
> in a hurry to all the correct people.
> Thanks,
> Brian Allen
> Network Security Analyst
> Washington University
>> -----Original Message-----
>> From: unisog-bounces at lists.dshield.org [mailto:unisog-bounces at lists.dshield.org] On Behalf Of J. Oquendo
>> Sent: Tuesday, February 20, 2007 11:50 AM
>> To: unisog at lists.dshield.org
>> Subject: [unisog] Cleaning up those networks
>> Greetings all. For those who I've dealt with before many thanks on the
>> help you'd given. For the past three months I've been compiling
>> information from hosts that have been brute force ssh attacking servers
>> that are running a program I have written called "Sharpener".
>> (http://www.infiltrated.net/scripts/sharpener) I have sorted out the
>> information and traced back those IP addresses that fall under
>> Academialand and have compiled the following list of Universities which
>> have possibly compromised machines.
>> Rather than post those addresses (to avoid having misguided individuals
>> who may be on this list), I am posting the Universities in hopes
>> admins/engineers of these institutions will contact me back for the
>> information on the host that is attacking, along with the date and
>> timestamps of the attacks. My hopes are to minimize intrusions, malware,
>> spyware, etc., and solely inform other engineers of issues coming out of
>> their networks. I sincerely hope those contacted will assist. The entire
>> list of attacking IP addresses is in the 47k range with 38 hosts
>> reporting on a 5 minute basis to a repository I've set up. Here are the
>> Universities.
>> Some folks may have been contacted already so apologies in advance. I
>> will give the Universities 15 business days to respond; for those that
>> don't, they will continue to be listed as threats and their networks will
>> be blocked from 38 individual networks, 8 of which are /17's. For those
>> who respond, I will promptly remove the addresses.
>> California State University at Fresno
>> Carnegie Mellon University
>> Carroll College
>> Emory University
>> Florida Atlantic University
>> Florida Information Resource Network
>> Georgia Institute of Technology
>> Gonzaga University
>> Howard University
>> Illinois Institute of Technology
>> Indiana University - Purdue University Fort
>> Louisiana State University
>> Marquette University
>> Massachusetts Institute of Technology
>> NTT America, Inc.
>> New York University
>> Ohio State University
>> Purdue University
>> SUNY College at Fredonia
>> San Diego County Office of Education
>> San Francisco State University
>> Stanford University
>> State University of New York at
>> Texas A&M University
>> The Drexel University Campus
>> Universite Laval
>> University of California, Los Angeles
>> University of Georgia
>> University of Illinois
>> University of Lethbridge
>> University of Massachusetts
>> University of Medicine and Dentistry of
>> University of Michigan
>> University of Missouri-Columbia
>> University of Mobile
>> University of Oklahoma
>> University of Pennsylvania
>> University of Puerto Rico
>> University of Rhode Island
>> University of Texas at Austin
>> University of Texas at San Antonio
>> University of Virginia
>> University of Washington
>> University of Wyoming
>> Vanderbilt University
>> Walla Walla College
>> Washington University
>> Westnet
>> York University
>> Respectfully,
>> Jesus Oquendo / sil
>> ====================================================
>> J. Oquendo
>> GPG Key http://www.infiltrated.net/sil.key
>> The happiness of society is the end of government.
>> John Adams
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
