This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] Is the Atlas probe hackable?
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Karrenberg
daniel.karrenberg at ripe.net
Wed Jul 6 08:56:35 CEST 2016
I am positive tinba cannot run on the probes. So either that IDS is brain damaged or some joker made a UDM that acts like tinba or both. What Marc said: the 'CnC' appears to be at the root name servers. Queue conspiracy theory ..... Daniel On 5.07.16 14:15 , Hank Nussbacher wrote: > I received a report from one of our security monitoring systems about > one of our probes (#17846) - https://atlas.ripe.net/probes/17846/ which > appears to be infected with Tinba: > > >> Security incident #1 - Tinba infection > >> Involved internal Hosts: > >> atlas-probe.cc.biu.ac.il 132.70.248.150 spotted since > >> 2016-06-30 > >> 23:58:54 till 2016-07-01 05:01:20 > >> Malicious activities found: > >> Tinba infection > >> related indication of compromise: > >> Communication with CnC > >> 192.112.36.4 > >> 192.203.230.10 > >> 192.228.79.201 > >> 192.33.4.12 > >> 192.36.148.17 > >> 193.0.14.129 > >> 198.41.0.4 > >> 198.97.190.53 > >> 199.7.83.42 > >> 199.7.91.13 > >> 202.12.27.33 > > > Should we be worried? > > > Thanks, > > Hank >
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]