Microsoft hackuje :)

Thread View: pl.comp.os.advocacy

1 messages

[T] Back to Threads [V] Tree View [G] Group Articles

1 total messages Started by tch@virtall.com Sat, 17 May 2014 17:21

#280100

Author: tch@virtall.com
Date: Sat, 17 May 2014 17:21

93 lines
3067 bytes

Patrze sobie na logi jednego z serwerow, i zastanawia mnie zbyt duza liczba linijek typu:

May 17 23:44:34 bkp010.virtall.com proftpd[16579] 144.76.67.84 (191.238.81.33[191.238.81.33]): USER ftp (Login failed): Incorrect password
May 17 23:44:34 bkp010.virtall.com proftpd[16579] 144.76.67.84 (191.238.81.33[191.238.81.33]): SSH2 session closed.
May 17 23:44:34 bkp010.virtall.com proftpd[16580] 144.76.67.84 (191.238.81.33[191.238.81.33]): SSH2 session opened.
May 17 23:44:35 bkp010.virtall.com proftpd[16580] 144.76.67.84 (191.238.81.33[191.238.81.33]): USER tester: no such user found from 191.238.81.33 [191.238.81.33] to ::ffff:144.76.67.84:22
May 17 23:44:36 bkp010.virtall.com proftpd[16580] 144.76.67.84 (191.238.81.33[191.238.81.33]): SSH2 session closed.
May 17 23:44:36 bkp010.virtall.com proftpd[16582] 144.76.67.84 (191.238.81.33[191.238.81.33]): SSH2 session opened.
May 17 23:44:37 bkp010.virtall.com proftpd[16582] 144.76.67.84 (191.238.81.33[191.238.81.33]): USER tester: no such user found from 191.238.81.33 [191.238.81.33] to ::ffff:144.76.67.84:22


Tym razem nie chodzi jednak o te nudne bledne loginy, ale o adres IP, z ktorego to zgadywanie hasel nastepuje: 191.238.81.33.

Zgodnie z whois, adres nalezy do Microsoft Informatica Ltda, brazylijskiej czesci Microsoftu.

Zmieniaja profil dzialalnosci i zajmuja sie z´teraz wlamywaniem do cudzych serwerow? :)


# whois 191.238.81.33

% Joint Whois - whois.lacnic.net
%  This server accepts single ASN, IPv4 or IPv6 queries
 
% Brazilian resource: whois.registro.br


% Copyright (c) Nic.br
%  The use of the data below is only permitted as described in
%  full by the terms of use at http://registro.br/termo/en.html ,
%  being prohibited its distribution, comercialization or
%  reproduction, in particular, to use it for advertising or
%  any similar purpose.
%  2014-05-17 21:21:30 (BRT -03:00)

inetnum:     191.236/14
aut-num:     AS8075
abuse-c:     BEORN2
owner:       Microsoft Informatica Ltda
ownerid:     060.316.817/0001-03
responsible: Benjamin Orndorff
country:     BR
owner-c:     BEORN2
tech-c:      BEORN2
inetrev:     191.236/14
nserver:     ns1.msft.net
nsstat:      20140430 AA
nslastaa:    20140430
nserver:     ns2.msft.net
nsstat:      20140430 AA
nslastaa:    20140430
nserver:     ns3.msft.net
nsstat:      20140430 AA
nslastaa:    20140430
nserver:     ns4.msft.net
nsstat:      20140430 AA
nslastaa:    20140430
nserver:     ns5.msft.net
nsstat:      20140430 AA
nslastaa:    20140430
created:     20130911
changed:     20130911

nic-hdl-br:  BEORN2
person:      Benjamin Orndorff
e-mail:      domains@microsoft.com
created:     20110810
changed:     20131212

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/, respectivelly to cert@cert.br
% and mail-abuse@cert.br
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, contact handle (ID), CIDR block, IP and ASN.


-- 
Tomasz Chmielewski
htp://blog.wpkg.org

Thread Navigation

This is a paginated view of messages in the thread with full content displayed inline.

Messages are displayed in chronological order, with the original post highlighted in green.

Use pagination controls to navigate through all messages in large threads.

Back to All Threads