We were alerted to a recent break-in attempt yesterday evening on one of our Linux servers. The source IPs were as follows:

207.206.6.9
209.100.48.251

If any person is interested in searching their logs for traffic to and/or from these IP addresses, you can probably do some pro-active monitoring to avoid any problems, as there should be no traffic from these IPs. I have contacted the owners of the address segments. But these boxes appear to be "owned". It appears that one IP compromised a router from an ISP to add routes for currently unused IP subnets that the ISP had.

The tools that were used appear to be Queso and a Perl script named Cracker. Root was not obtained, but several files on the box were corrupted and/or compromised.

If any person finds these IP addresses, and wishes to investigate further, please email me at the address below. Thank you for any help in this matter.

Tim Doscher
MCSE+I, MCT, CCNA
[EMAIL PROTECTED]
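An added example, not part of the original message: one way to run the log search the post asks for, matching the two addresses as whole IPv4 values so that a plain substring search does not also flag neighbours such as 207.206.6.90. The log lines, host name and the 192.0.2.10 local address are constructed for illustration, and the syslog-style format is an assumption.

```python
import ipaddress
import re
from collections import Counter

# The two source addresses reported in the message above.
WATCHLIST = {ipaddress.ip_address("207.206.6.9"),
             ipaddress.ip_address("209.100.48.251")}

# Dotted-quad candidates. The lookarounds reject a match that is only part of
# a longer digit/dot run, while still accepting "a.b.c.d." at a sentence end.
IPV4_TOKEN = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\d|\.\d)")

def scan(lines):
    """Return (line_number, address, line) for each watchlisted address seen."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        found = set()
        for token in IPV4_TOKEN.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not a valid IPv4 address, e.g. 999.1.1.1
            if addr in WATCHLIST:
                found.add(addr)
        hits.extend((lineno, str(a), line.rstrip()) for a in sorted(found))
    return hits

def summarize(hits):
    """Count matching lines per watchlisted address."""
    return dict(Counter(addr for _, addr, _ in hits))

# Constructed sample log (not real traffic). Lines 2 and 4 are near misses
# that a naive substring search for the reported addresses would also match.
SAMPLE_LOG = """\
Mar  3 21:14:02 web1 sshd[411]: Failed password for root from 207.206.6.9 port 4022
Mar  3 21:14:09 web1 kernel: IN=eth0 SRC=207.206.6.90 DST=192.0.2.10 PROTO=TCP DPT=22
Mar  3 21:15:30 web1 kernel: OUT=eth0 SRC=192.0.2.10 DST=209.100.48.251 PROTO=TCP DPT=80
Mar  3 21:16:41 web1 kernel: IN=eth0 SRC=209.100.48.25 DST=192.0.2.10 PROTO=TCP DPT=23
Mar  3 21:17:05 web1 ftpd[502]: connection from 209.100.48.251.
""".splitlines()

if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for lineno, addr, line in results:
        print(f"line {lineno}: {addr}: {line}")
    print(summarize(results))
```

To search real logs, pass an open file object to `scan()` in place of `SAMPLE_LOG`.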
