This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Is the Atlas probe hackable?
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mark Santcroos
mark at santcroos.net
Tue Jul 5 14:20:09 CEST 2016
FYI: the addresses are those of the root name servers. On Tue, Jul 5, 2016 at 2:15 PM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote: > I received a report from one of our security monitoring systems about one of > our probes (#17846) - https://atlas.ripe.net/probes/17846/ which appears to > be infected with Tinba: > > >> Security incident #1 - Tinba infection > >> Involved internal Hosts: > >> atlas-probe.cc.biu.ac.il 132.70.248.150 spotted since > >> 2016-06-30 > >> 23:58:54 till 2016-07-01 05:01:20 > >> Malicious activities found: > >> Tinba infection > >> related indication of compromise: > >> Communication with CnC > >> 192.112.36.4 > >> 192.203.230.10 > >> 192.228.79.201 > >> 192.33.4.12 > >> 192.36.148.17 > >> 193.0.14.129 > >> 198.41.0.4 > >> 198.97.190.53 > >> 199.7.83.42 > >> 199.7.91.13 > >> 202.12.27.33 > > > Should we be worried? > > > Thanks, > > Hank
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]