betabug... Sascha Welter

home english | home deutsch | Site Map | Sascha | Kontakt | Pro | Weblog | Wiki

26 April 2007

Speaking of "Underground"...

Hello Nortelnetworks! Nice to hear from you...

While I was doing some logspotting yesterday I discovered a couple of accesses that came from some hosts that looked like a lot of open proxies or a botnet or something. Someone was likely abusing them for scraping mail addresses off web sites. One of them rang a "Bell": I had seen the name "NorTel" in the book "Underground" (see this post). Even thouth the IP didn't have a reverse DNS entry, the "whois" showed it belonging to "Bell-Northern Research" aka "Nortel Networks". In the book, the "hacker" kids find a way into one of Nortel's telephone exchanges and later into their company network. So maybe one of the researchers set up a test server and forgot to lock it down? ...and now some "hackers" got into it?...


Looked more like "spammers" to me then. Looking at the senderbase report for the IP I noticed quite some activity there:

   Report on IP address: 47.234.Χ.ΥΖ
   Volume Statistics for this IP
                Magnitude Vol Change vs. Average
   Last day     3.2       23830%
   Last 30 days 1.4       363%
   Average      0.7
(This is for today, yesterday the increase of mail out sending was "only" 18618%.) Fired off a mail to their abuse@ address and to hostmaster@, because that's what the "whois" says. The abuse@ address bounced, because it tells me that I should use @nortel.com instead of @nortelnetworks.com -- maybe they should update their ARIN / whois contact info?

Of course I haven't heard back from hostmaster@ today either. I'll fire off a second mail today, this time to the "other" abuse@ address. Could be I should tell them that they have a "hacker" in their network, maybe that would wake them up?

Posted by betabug at 09:31 | Comments (0) | Trackbacks (0)
ch athens
Life in Athens (Greece) for a foreigner from the other side of the mountains. And with an interest in digital life and the feeling of change in a big city. Multilingual English - German - Greek.
Main blog page
Recent Entries
Best of
Some of the most sought after posts, judging from access logs and search engine queries.

Apple & Macintosh:
Security & Privacy:
Misc technical:
Athens for tourists and visitors:
Life in general:
<< Happy Nameday George and Gogo | Main | Ναυτική απορία >>
Comments
There are no comments.
Trackbacks
You can trackback to: http://betabug.ch/blogs/ch-athens/594/tbping
There are no trackbacks.
Leave a comment