
Date:  Sat, 10 Mar 2007 18:36:52 +0200
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:09073] Re: CentOS+BQ hacked?
To:  coba-e (at mark) bluequartz.org
Message-Id:  <012a01c76332$4f0e7290$3701a8c0@lapxp>
In-Reply-To:  <364696028.20070309191129 (at mark) gmx.net>
X-Mail-Count: 09073

> >> If you ping aca25f24.ipt.aol.com
> >> You get back this IP 172.162.95.36 
> >> 
> >> It sounds a lot like a private IP address or an automatic address
> >> that the NIC takes automatically after not finding a DHCP server.
> 
> AS> Ooops. It is private in the range 172.16.0.0 - 172.31.255.255, as per
> AS> http://en.wikipedia.org/wiki/Private_network
> 
> AS> It seems to me to be an Akamai cache server, but I may be wrong.
> AS> Anyway, it seems suspicious. Did you run chkrootkit and all that stuff?
> AS> Or, check for changed/created files with 'find'...
> 
> 
> AS> Best,
> 
> AS> --
> AS> Arthur Sherman
> 
> AS> +972-52-4878851
> AS> http://www.cpt.co.il/ 
> 
> 172.162.95.36 is NOT within the range of 172.16.0.0 - 172.31.255.255 !!!!
> Had it been a reserved address, then there would not be a reverse name lookup.
> It's a dynamically assigned address (usually some customer premises) by AOL.
> 
> -- 
> Best regards,
>  Chris                            mailto:C.Hemsing (at mark) gmx.net

That's exactly what I am saying, Chris.
I meant 'the range is private...'
:)


Best,

--
Arthur Sherman

+972-52-4878851
http://www.cpt.co.il/
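
Added example, not part of the original message: a small Python triage helper that pulls IPv4 addresses out of log lines and labels each as RFC 1918 private, link-local (the DHCP-fallback range), loopback, or public, and shows the mask arithmetic that separates 172.162.95.36 from 172.16.0.0/12. The log lines, function names and every address other than 172.162.95.36 are constructed for illustration.

```python
import ipaddress
import re

# Special-purpose IPv4 blocks relevant to the thread.
SPECIAL = [
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),
    ("link-local / DHCP fallback (RFC 3927)", ipaddress.ip_network("169.254.0.0/16")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def classify(addr):
    """Label an IPv4 address by the special-purpose block it falls in."""
    ip = ipaddress.ip_address(addr)
    for label, net in SPECIAL:
        if ip in net:
            return label
    return "public"

def explain_prefix(addr, cidr):
    """Return (addr AND netmask, whether that equals the network address)."""
    net = ipaddress.ip_network(cidr)
    masked = ipaddress.ip_address(int(ipaddress.ip_address(addr)) & int(net.netmask))
    return str(masked), masked == net.network_address

def remote_hosts(log_lines):
    """Map every valid IPv4 address found in the lines to its classification."""
    found = {}
    for line in log_lines:
        for candidate in IPV4_RE.findall(line):
            try:
                found[candidate] = classify(candidate)
            except ValueError:
                continue  # looks like an address but is not one, e.g. 999.1.1.1
    return found

# Constructed sample lines (not taken from any real system).
SAMPLE_LOG = [
    "sshd[811]: Accepted password for admin from 172.162.95.36 port 40112",
    "sshd[812]: Accepted password for admin from 172.20.1.5 port 51320",
    "dhclient: no lease, falling back to 169.254.10.7",
    "httpd: malformed peer 999.1.1.1",
]

if __name__ == "__main__":
    for ip, label in remote_hosts(SAMPLE_LOG).items():
        print(f"{ip:16} {label}")
    # 162 & 240 = 160, so the /12 prefix of 172.162.95.36 is 172.160.0.0
    print(explain_prefix("172.162.95.36", "172.16.0.0/12"))
```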