Récemment, Iain Craig a écrit : > > There was a LOT of those, all very fast like a DoS attempt. Other > usernames I was seeing in a similar DoS fashion from the same time > and IP were Ogpuserat_private, Kgpuserat_private, and Lgpuserat_private > > Anyone know of a kiddie tool that uses these names? > > Incidentally, from the WHOIS on that IP: > > inetnum: 81.64.0.0 - 81.67.255.255 > netname: FR-CYBERCABLE-20020103 > descr: LYONNAISE COMMUNICATIONS > PROVIDER Local Registry > country: FR > admin-c: LC220-RIPE > tech-c: LC224-RIPE > status: ALLOCATED PA > mnt-by: RIPE-NCC-HM-MNT > mnt-lower: AS6678-MNT > mnt-routes: AS6678-MNT > changed: hostmasterat_private 20020103 > changed: hostmasterat_private 20020108 > source: RIPE > > That's not the only IP these DoS-ish requests came from; going > through the others now. Wondering if I'm dealing with two seperate > incidents here, the defacement and a seperate DoS or DDoS. > > Any advice or guidance appreciated. I've the same provider. I would suggest that you report the incident to him abuseat_private or abuseat_private (actualy the same provider) Jean-Luc Cavey 65, bd Brune 75014 Paris, France +33 (0) 1 45 43 45 62 +33 (0) 6 15 93 77 96 E-Mail : Jean-Lucat_private ICQ/UIN : 122785712 ================================ La presence de ce texte prouve que ce message electronique a ete verifie par un logiciel anti-virus à jour au moment de l'envoi. The presence of this text proves that this e-mail has been verified by an up-to-date anti-virus software at the time of the sending. ================================ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 10:23:57 PDT