Re: SGI.com hosts HACKED and being abused by scriptkiddies on IRC.

From: Matthew Wells (matty_wellsat_private)
Date: Thu Jan 23 2003 - 17:42:21 PST


    
    In-Reply-To: <F78IJZIqw15SEEouFDR00011d06at_private>
    
    
    After having looked around on IRC networks and spoken to the so-called 
    hacker, it turns out that SGI servers were compromised by a malicious 
    internal employee.  Geert was happy to boast about his conquest and how 
    easy it was to hack SGI servers through their internal network, and he 
    was also happy to give me the details of the internal set-up of SGI's 
    infrastructure, internal IP addressing, domain names, etc.
    
    It seems Geert (aka Geert Stoelan) works for SGI; judging from his 
    boasting, he somehow managed to compromise a number of internal 
    servers within SGI through password sniffing and local exploitation of 
    the vulnerable systems.
    
    It is quite clear that security and network administrators at SGI have no 
    idea about these compromises, and I can't help but wonder about the 
    integrity of the IRIX operating system and the patches developed by SGI.  How 
    can we as users be sure that the IRIX operating system source tree has not 
    been tampered with by the internal hackers?  Or how can we verify that any 
    patches from SGI do not contain trojans and backdoors?
    
    As a loyal IRIX user, I am rather disappointed by the lack of response 
    from SGI regarding the incidents, and more so, rather worried about the 
    credibility of the IRIX operating system, patches and any other software 
    developed by SGI.
    
    Just for reference, some information about Geert Stoelan:
    
    http://www.geert.cc/resume/cv_uk.html
    
    http://www.geert.cc/aboutme.html
    
    I hope the security folks at SGI would pull their fingers out of their a** and 
    start doing something about their internal security before the reputation 
    of SGI and the IRIX operating system is seriously damaged by this particular 
    incident.
    
    
    
    Matthew Wells (CCSP/CISSP)
    Security Architect
    Symantec.
    email : matty_wellsat_private
    
    
    
    >From: "Zehra Erseymen" <zehra_erseymenat_private>
    >To: incidentsat_private
    >Subject: SGI.com hosts HACKED and being abused by scriptkiddies on IRC.
    >Date: Wed, 15 Jan 2003 00:36:35 +0000
    >Mime-Version: 1.0
    >Content-Type: text/plain; format=flowed
    >Message-ID: <F78IJZIqw15SEEouFDR00011d06at_private>
    >X-OriginalArrivalTime: 15 Jan 2003 00:36:35.0507 (UTC) FILETIME=[28938830:01C2BC2E]
    >
    >
    >
    >SGI.COM hosts are being abused by ircwar kiddies/scriptkids on the IRCNET 
    >network (ircnet.demon.co.uk, irc.stealth.net, irc1.us.ircnet.net and other 
    >servers).
    >These kiddies are taking irc channels, compromising further servers and 
    >launching ddos attacks, and appear also to have compromised the SGI email 
    >services, since abuse reports were met with silence. Today they launched a 
    >spoofed ddos attack from IPs with
    >
    >a /whois report follows:
    >┌─────---─--──-──────---─--──-─────────--- --  -
    >| Geert (~geertat_private) (Internic Commercial)
    >│ ircname  : The.Judge
    >| channels : @#tropical #DaJudge @#bnc @#Bitches @#irclords
    >│ server   : irc-2.stealth.net (Stealth Communications, New York City)
    >: idle     : 8 hours 32 mins 58 secs (signon: Thu Jan  1 01:00:00 1970)
    >┌─────---─--──-──────---─--──-─────────--- --  -
    >| DaJudge (~Judge@yog-sothoth.sgi.com) (Internic Commercial)
    >│ ircname  : The.Judge
    >| channels : #singletown #DaJudge @#tropical @#bnc @#Bitches @#irclords
    >│ server   : irc-2.stealth.net (Stealth Communications, New York City)
    >: idle     : 7 hours 53 mins 12 secs (signon: Thu Jan  1 01:00:00 1970)
    >
    >Feel free to connect to ircnet and verify this for yourself..
    >#irclords is a known kiddie channel, frequented by kiddies who think they 
    >are the "lords" of irc.  Also #bnc is a channel used for the trading of 
    >"psybnc" accounts on compromised servers.
    >
    >
    >
    >
    >
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 06:16:25 PST