[Leaplist] Server break-in attempt through NAGIOS user

patrick pberry2 at cfl.rr.com
Thu Sep 6 18:26:54 EDT 2007


David Simmons wrote:
> 
> Guys/Gals,
>  
>  Just was able to catch a 'break in attempt' on one
> of my webservers
>  
>  It was from the RIPE network in
> Amsterdam....IP address was 86.126.41.177
>  
> 
> they were logging in through the NAGIOS user and (trying to run)
> two programs (files from):
>  
>  brute.tgz
>  fast.tgz
>  
>  Just a word of caution to double-check those servers....
>  
> 
> dave

My whois query brings back:

> % This is the RIPE Whois query server #1.
> % The objects are in RPSL format.
> %
> % Rights restricted by copyright.
> % See http://www.ripe.net/db/copyright.html
> 
> % Note: This output has been filtered.
> %       To receive output for a database update, use the "-B" flag.
> 
> % Information related to '86.126.41.0 - 86.126.41.255'
> 
> inetnum:        86.126.41.0 - 86.126.41.255
> netname:        RO-RCS-RDS-FIBERLINK
> descr:          RCS & RDS S.A.
> descr:          FiberLink Customers
> descr:          Craiova city
> country:        RO
> admin-c:        RDS-RIPE
> tech-c:         RDS-RIPE
> status:         ASSIGNED PA
> mnt-by:         AS8708-MNT
> source:         RIPE # Filtered
> 
> role:           Romania Data Systems NOC
> address:        71-75 Dr. Staicovici
> address:        Bucharest / ROMANIA
> phone:          +40 21 30 10 888
> fax-no:         +40 21 30 10 892
> e-mail:         contact-tech at rdsnet.ro
> admin-c:        CN19-RIPE
> admin-c:        GEPU1-RIPE
> tech-c:         CN19-RIPE
> tech-c:         GEPU1-RIPE
> nic-hdl:        RDS-RIPE
> mnt-by:         AS8708-MNT
> remarks:        +-----------------------------------------------------------+
> remarks:        | ABUSE CONTACT: abuse at rdsnet.ro IN CASE OF HACK ATTACKS,   |
> remarks:        | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.    |
> remarks:        +-----------------------------------------------------------+
> source:         RIPE # Filtered
> 
> % Information related to '86.120.0.0/13AS8708'
> 
> route:        86.120.0.0/13
> descr:        RDSNET
> origin:       AS8708
> mnt-by:       AS8708-MNT
> source:       RIPE # Filtered
> 
> 

