[X4U] Warning received from Network Administrator

Earle Jones earle.jones at comcast.net
Tue Feb 6 17:00:01 PST 2007


On Feb 5, 2007, at 2:17 PM, Paul Biddlecomb wrote:

>
> I received the notice from my Network Administrator:
>
> Your host connected to yetzirah.org over 6000 times between 09:03  
> and 09:13.  Files over 1 megabytes were transferred.  We suspect  
> that your host may be compromised, or misconfigured.  If so, you  
> may have to reinstall your system, install updated service packs,  
> and any relevant security patches, as other backdoors may have been  
> installed by hackers.  If your host causes network problems, it  
> will be blocked.
> How can I verify what may have happened?  What log file might show  
> files that may have been transferred?  I have the IP of the  
> offending computer....

*
Here is a copy of an email that was forwarded to me today:


From: Dewayne Hendricks <dewayne at warpspeed.com>
Date: February 6, 2007 6:13:21 PM EST
To: Dewayne-Net Technology List <dewayne-net at warpspeed.com>
Subject: [Dewayne-Net] Hackers Attack Key Net Traffic Computers
Reply-To: dewayne at warpspeed.com

Hackers Attack Key Net Traffic Computers
- By TED BRIDIS, Associated Press Writer
Tuesday, February 6, 2007
(02-06) 15:09 PST WASHINGTON, (AP) --

Hackers briefly overwhelmed at least three of the 13 computers that  
help manage global computer traffic Tuesday in one of the most  
significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12  
hours but passed largely unnoticed by most computer users, a  
testament to the resiliency of the Internet. Behind the scenes,  
computer scientists worldwide raced to cope with enormous volumes of  
data that threatened to saturate some of the Internet's most vital  
pipelines.

The motive for the attacks was unclear, said Duane Wessels, a  
researcher at the Cooperative Association for Internet Data Analysis  
at the San Diego Supercomputing Center. "Maybe to show off or just be  
disruptive; it doesn't seem to be extortion or anything like that,"  
Wessels said.

Other experts said the hackers appeared to disguise their origin, but  
vast amounts of rogue data in the attacks were traced to South Korea.

The attacks appeared to target UltraDNS, the company that operates  
servers managing traffic for Web sites ending in "org" and some other  
suffixes, experts said. Officials with NeuStar Inc., which owns  
UltraDNS, confirmed only that it had observed an unusual increase in  
traffic.

Among the targeted "root" servers that manage global Internet traffic  
were ones operated by the Defense Department and the Internet's  
primary oversight body.

"There was what appears to be some form of attack during the night  
hours here in California and into the morning," said John Crain,  
chief technical officer for the Internet Corporation for Assigned  
Names and Numbers. He said the attack was continuing and so was the  
hunt for its origin.

"I don't think anybody has the full picture," Crain said. "We're  
looking at the data."

Crain said Tuesday's attack was less serious than attacks against the  
same 13 "root" servers in October 2002 because technology innovations  
in recent years have increasingly distributed their workloads to  
other computers around the globe.

AP Internet Writer Anick Jesdanun contributed to this story from New  
York.


URL: <http://sfgate.com/cgi-bin/article.cgi?file=/n/a/2007/02/06/national/w125503S29.DTL>



