Subject: Re: Cracking tools and backdoors [was cracked by Brazilians]
From: Dave Dittrich (dittrichCAC.WASHINGTON.EDU)
Date: Tue Apr 04 2000 - 17:40:54 CDT


On Fri, 31 Mar 2000, Seth Milder wrote:

> I did a bit of snooping around. I found where they were keeping the
> network traffic and where they were sending it: to
> server.chethams.org.uk, whatever that is (I aim to find out). I put most
> of their stuff in the attached file for inspection.

Since you published the files, I guess there is no point in being quiet
about this.

The file "core" in /tmp/.pk/bscan shows the scanner was being run
against a system at the time:

./binfo
207.90.11.5
HISTSIZE=1000
HOSTNAME=physics.gmu.edu
LOGNAME=postgres

This system is:

pm-clw-3-259.intnet.net:
    Internet address = 207.90.11.5

Is owned (for now ;) by:

MTD Computer Services (NET-NET-MTDC)
   2561 Nursery Rd. #B
   Clearwater, FL 34624
   USA

   Netname: NET-MTDC
   Netnumber: 207.90.11.0

   Coordinator:
      Groulx, John (JG1648-ARIN) sportspacINTNET.NET
      813-532-4800

Might want to contact them...

--
Dave Dittrich                 Client Services
dittrichcac.washington.edu   Computing & Communications
                              University of Washington

Dave Dittrich / dittrichcac.washington.edu [PGP Key]: http://www.washington.edu/People/dad/

PGP 6.5.1 key fingerprint: FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5