[HECnet] 108.31.82.9/QCOCAL
Johnny Billquist
bqt at softjar.se
Wed Jun 22 08:46:23 PDT 2016
On 2016-06-22 13:02, Jordi Guillaumes i Pons wrote:
>
>> El 20 juny 2016, a les 20:14, Brian Schenkenberger, VAXman- <system at TMESIS.COM> va escriure:
>>
>> 108.31.82.9.
>
> Uh, I’d bet the simulated 3900 is not the real origin of the attack you are getting. It is probably behind a home DSL/cable router, whith port 23 redirected to the 3900’, which has probably a private IP address masqueraded using NAT… So probably the node owner has been hacked and zombified, regadrless of he having a pet 3900 open to the net.
Thanks. I actually forgot to bring this up. I would be surprised if the
script kiddies of today would have the first clue on how to automate any
penetration attack actually from VMS... So it would be interesting to
actually find out a bit more on what actually happened on the
originating side...
> Anyway, it would be good to send a heads up to the operator. I can’t see any QCOCAL node in HECNET, so I don’t know ho he is.
Haven't updated your database in a while? :-)
http://mim.update.uu.se/nodedb?search=qcocal&field=0&sort=0
Johnny
More information about the Hecnet-list
mailing list