Paypal.com hosting IRC server, possible hack?

From: mistymountainhopat_private
Date: Thu Jan 23 2003 - 21:23:54 PST

Next message: Otto Dandenell: "Re: Increased activity on UDP/1434"

Previous message: James C Slora Jr: "RE: SNMP Weirdness"
Next in thread: dtmat_private: "Re: Paypal.com hosting IRC server, possible hack?"
Reply: dtmat_private: "Re: Paypal.com hosting IRC server, possible hack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

A system on the Paypal.com domain is hosting an IRC server. Historically, IRC servers have had security issues, and they continue to be high-profile targets. I am not sure if these servers are being intentionally run by a Paypal.com administrator, or if they have been set up by crackers to use Paypal.com’s bandwidth.

The IRC server was recently introduced to an IRC network, EnterTheGame (http://www.enterthegame.com), as ca.enterthegame.com:

[user@box ~]$ nslookup ca.enterthegame.com
Name: irc.enterthegame.com
Addresses: 209.131.67.21, 216.136.154.43, 209.131.67.20
Aliases: ca.enterthegame.com

[user@box ~]$ nslookup 216.136.154.43
Name: node-216-136-154-43.networks.paypal.com
Address: 216.136.154.43
Aliases: 43.154.136.216.in-addr.arpa

[user@box ~]$ nc node-216-136-154-43.networks.paypal.com 6667
:Ca.EnterTheGame.Com NOTICE AUTH :*** Looking up your hostname...
:Ca.EnterTheGame.Com NOTICE AUTH :*** Checking Ident
:Ca.EnterTheGame.Com NOTICE AUTH :*** Found your hostname
:Ca.EnterTheGame.Com NOTICE AUTH :*** No Ident response

I’m not sure if this server is being intentionally hosted, or if it’s the work of crackers who have obtained access to a Paypal.com system. If the server is being intentionally hosted, the Paypal administrators are knowingly subjecting their customers and investors to additional security risks. Moreover, being part of an IRC network may subject Paypal.com to the actions of the IRC users, which may include allowing or promoting the distribution of illegal software. If Paypal is not intentionally hosting the server, it is safe to assume that they have been cracked and customer data (names, credit cards, and more), as well as Paypal and Ebay’s internal network, is at risk of compromise.

Contact information for EnterTheGame, which was obtained from http://www.enterthegame.com, are the email addresses infoat_private, pressat_private, and supportat_private Inquiring emails to Paypal.com were not answered after 48 hours.



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Otto Dandenell: "Re: Increased activity on UDP/1434"
Previous message: James C Slora Jr: "RE: SNMP Weirdness"
Next in thread: dtmat_private: "Re: Paypal.com hosting IRC server, possible hack?"
Reply: dtmat_private: "Re: Paypal.com hosting IRC server, possible hack?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 08:16:28 PST