[unisog] Cleaning up those networks

Hendra Hendrawan hendra at yorku.ca
Wed Feb 21 01:18:12 GMT 2007


Hi,

I would like to get the list of infected hosts residing at York University
as well. Please send it to infosec at yorku.ca.
Thanks in advance.

Regards,

Hendra Hendrawan
Information Security Analyst
CNS Information Security
York University


unisog-bounces at lists.dshield.org wrote on 02/20/2007 02:04:58 PM:

> I too would like to see what you have.  Please send me the Carnegie Mellon
> list directly.
> 
> Thank you,
> 
> John K. Lerchey
> Assistant Director for Incident Response
> Information Security Office
> Carnegie Mellon University
> 
> On Tue, 20 Feb 2007, Brian Allen wrote:
> 
> > I'll take a look and see what you have.
> >
> > You might want to contact REN-ISAC because they notify universities all
> > the time when they have infected machines.  They could get this info out
> > in a hurry to all the correct people.
> >
> > Thanks,
> > Brian Allen
> > Network Security Analyst
> > Washington University
> >
> >> -----Original Message-----
> >> From: unisog-bounces at lists.dshield.org
> >> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of J. Oquendo
> >> Sent: Tuesday, February 20, 2007 11:50 AM
> >> To: unisog at lists.dshield.org
> >> Subject: [unisog] Cleaning up those networks
> >>
> >> Greetings all. For those who I've dealt with before many thanks on the
> >> help you'd given. For the past three months I've been compiling
> >> information from hosts that have been brute force ssh attacking servers
> >> that are running a program I have written called "Sharpener".
> >> (http://www.infiltrated.net/scripts/sharpener) I have sorted out the
> >> information and traced back those IP addresses that fall under
> >> Academialand and have compiled the following list of Universities which
> >> have possible compromised machines.
> >>
> >> Rather than post those addresses (to avoid having misguided individuals
> >> who may be on this list), I am posting the Universities in hopes
> >> admins/engineers of these institutions will contact me back for the
> >> information on the host that is attacking, along with the date and
> >> timestamps of the attacks. My hopes are to minimize intrusions, malware,
> >> spyware, etc., and solely inform other engineers of issues coming out of
> >> their networks. I sincerely hope those contacted will assist. The entire
> >> list of attacking IP addresses is in the 47k range with 38 hosts
> >> reporting on a 5 minute basis to a repository I've set up. Here are the
> >> Universities.
> >>
> >> Some folks may have been contacted already so apologies in advance. I
> >> will give the Universities 15 business days to respond; for those that
> >> don't, they will continue to be listed as threats and their networks will
> >> be blocked from 38 individual networks, 8 of which are /17's. For those
> >> who respond, I will promptly remove the addresses.
> >>
> >> California State University at Fresno
> >> Carnegie Mellon University
> >> Carroll College
> >> Emory University
> >> Florida Atlantic University
> >> Florida Information Resource Network
> >> Georgia Institute of Technology
> >> Gonzaga University
> >> Howard University
> >> Illinois Institute of Technology
> >> Indiana University - Purdue University Fort
> >> Louisiana State University
> >> Marquette University
> >> Massachusetts Institute of Technology
> >> NTT America, Inc.
> >> New York University
> >> Ohio State University
> >> Purdue University
> >> SUNY College at Fredonia
> >> San Diego County Office of Education
> >> San Francisco State University
> >> Stanford University
> >> State University of New York at
> >> Texas A&M University
> >> The Drexel University Campus
> >> Universite Laval
> >> University of California, Los Angeles
> >> University of Georgia
> >> University of Illinois
> >> University of Lethbridge
> >> University of Massachusetts
> >> University of Medicine and Dentistry of
> >> University of Michigan
> >> University of Missouri-Columbia
> >> University of Mobile
> >> University of Oklahoma
> >> University of Pennsylvania
> >> University of Puerto Rico
> >> University of Rhode Island
> >> University of Texas at Austin
> >> University of Texas at San Antonio
> >> University of Virginia
> >> University of Washington
> >> University of Wyoming
> >> Vanderbilt University
> >> Walla Walla College
> >> Washington University
> >> Westnet
> >> York University
> >>
> >>
> >> Respectfully,
> >> Jesus Oquendo / sil
> >>
> >> ====================================================
> >> J. Oquendo
> >> GPG Key http://www.infiltrated.net/sil.key
> >> The happiness of society is the end of government.
> >> John Adams
> >
> > _______________________________________________
> > unisog mailing list
> > unisog at lists.dshield.org
> > https://lists.sans.org/mailman/listinfo/unisog
> >
> >