> > It's pretty obvious, especially when the login attempts are serial...
> >
> > Sep 13 20:41:07 localhost xinetd[296]: START: ssh pid=1669 from=64.246.26.9
>
> Not meaning to beat this topic to death, but it seems you could track
> down the hacker from the IP address 64.246.26.9 and get him kicked off
> his service. Or is there more to it than that?

Often that address is from another hacked machine, which was hacked into
from another machine, which was hacked into...

Running nslookup on the address returns:

    Non-authoritative answer:
    9.26.246.64.in-addr.arpa name = ev1s-64-246-26-9.ev1servers.net.

    Authoritative answers can be found from:
    26.246.64.in-addr.arpa nameserver = ns1.ev1.net.
    26.246.64.in-addr.arpa nameserver = ns2.ev1.net.

So, http://ev1servers.net/ has probably been hacked.

Nathan
_______________________________________________
Scitech mailing list (email@hidden)
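
An added example, not part of the original thread: a small triage script that finds "serial" ssh connection attempts in xinetd log lines like the one quoted above and builds the in-addr.arpa name to look up for each flagged source. Only the 20:41:07 log line comes from the thread; the other sample lines, the 4-hits-in-60-seconds threshold, the placeholder year and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample: only the first line appears in the thread.
SAMPLE_LOG = """\
Sep 13 20:41:07 localhost xinetd[296]: START: ssh pid=1669 from=64.246.26.9
Sep 13 20:41:10 localhost xinetd[296]: START: ssh pid=1671 from=64.246.26.9
Sep 13 20:41:13 localhost xinetd[296]: START: ssh pid=1673 from=64.246.26.9
Sep 13 20:41:16 localhost xinetd[296]: START: ssh pid=1675 from=64.246.26.9
Sep 13 21:05:42 localhost xinetd[296]: START: ssh pid=1702 from=192.0.2.17
Sep 13 21:05:50 localhost xinetd[296]: EXIT: ssh pid=1702 duration=8(sec)
Sep 13 23:30:01 localhost xinetd[296]: START: ssh pid=1760 from=192.0.2.17
"""

START_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ xinetd\[\d+\]: "
    r"START: ssh pid=\d+ from=(?P<ip>\S+)$"
)

def ssh_starts(log_text, year=2000):
    """Yield (timestamp, source address) for each xinetd ssh START line.
    Syslog timestamps carry no year, so `year` is a placeholder (assumption)."""
    for line in log_text.splitlines():
        m = START_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:  # from= field is not a literal address; skip it
            continue
        yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), ip

def serial_sources(log_text, min_hits=4, window=timedelta(seconds=60)):
    """Return {ip: (peak_hits, ptr_name)} for sources with at least
    min_hits connection starts inside any sliding window."""
    by_ip = defaultdict(list)
    for ts, ip in ssh_starts(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        best, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # shrink window from the left
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_hits:
            # reverse_pointer is the name queried for the PTR record
            flagged[str(ip)] = (best, ip.reverse_pointer)
    return flagged
```

Calling serial_sources(SAMPLE_LOG) flags only 64.246.26.9, and the name it returns is the same 9.26.246.64.in-addr.arpa record that appears in the nslookup output above.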