similarly the University for which I am a System Security Analyst holds the class B X.Y other X.x ranges continue to slam us with code red traffic including Cisco of all people. Any attempts at communication via arin listed contacts has proved useless. the 100 to 200 code red hits are camouflaging another 20 or so other http exploits to the point where we are having some difficulty sorting the other exploits from the noise. Any rational suggestions are welcome, we have decided Code-"fixit" would do more harm than good reguardless of legal implicatoins. fuzzzat_private -----Original Message----- From: r.fultonat_private [mailto:r.fultonat_private] Sent: Monday, September 10, 2001 4:54 PM To: incidentsat_private Subject: Contact for McDonnell Douglas Corporation (NET-MDC-NET) There are a whole bunch of code red II compromised boxes in 130.38/16. I have tried contacting the address given by ARIN (below) but have not had any response in well over a week. Anyone have any other suggestions on who to contact to get some action?? Cheers, Russell. whois -h whois.arin.net 130.38 McDonnell Douglas Corporation (NET-MDC-NET) 5701 Katella K34-4E Cypress, CA 90630 US Russell Fulton, Computer and Network Security Officer The University of Auckland, New Zealand ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 19:04:18 PDT