
Re: Fwd: EZZI.net Abuse Warning



Here's the "boiler plate" I use for such things (137.148.5.13 was previously the exit-node router "csutor"). You should obviously 's/137.148.5.13/your.ip.address/g':

--snip--

137.148.5.13 is an anonymous proxy that's part of the TOR network. You
can learn more about TOR at http://tor.eff.org.

We are unable to assist you in tracing the source of this attack, but it
did not originate from us -- TOR requires all traffic traverse three
"onion routers" in physically separate locations -- 137.148.5.13 just
happened to be the "exit node" for this particular session.

You're welcome to block 137.148.5.13 as you see fit. There are also
several free sites that assist in dynamic (DNSBL) blocking of TOR if you
so desire -- one is http://www.ahbl.org. TOR developers also make
available a Python script: http://tor.eff.org/cvs/tor/contrib/exitlist
which can obtain the IP addresses of all TOR exit nodes, given a copy of
the current directory: http://belegost.mit.edu/

Please let me know if I can be of further assistance.

Regards,

Michael Holstein CISSP GCIA
IS&T Information Security
Cleveland State University


xiando wrote:
Subject: EZZI.net Abuse Warning
Date: Tuesday 23 januar 2007 22:39
From: abuse@xxxxxxxx
To: xiando@xxxxxxxxxx

xiando@xxxxxxxxxx

Regarding Server Main IP: 66.199.236.130

We got a notice from the Undernet IRC Network about a number of servers on
our network making suspicious connections to their network, your server
appears to be one of those boxes. It appears whoever caused this hacked the
servers by brute forcing SSH logins and uploading a fake httpd binary and
launching it.

Please look into this matter immediately, if you need help feel free to open
a trouble ticket. It is also suggested you check your server's password
policy and make sure your passwords are secure. We suggest at least 6
characters, uppercase and lowercase letters and numbers.

We thank you in advance for your swift cooperation in this important matter.


Thank you, EZZI.net Support Team

-------------------------------------------------------

I got multiple copies of this (I have more than one Tor exit server).

There are - apparently - bad people on the Internet (no shit). It is likely the first time EZZI.net has got a (very much likely) Tor-related abuse complaint.

Please share any view on how to respond to EZZI.net about some person on the Internet hacking some box on the Internet using Tor (which seems to be why EZZI.net wants me to explain myself).

Thanks.