[atlas] Is the Atlas probe hackable?
- Previous message (by thread): [atlas] Is there something up with atlas.ripe.net at the moment ?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Jul 5 14:15:19 CEST 2016
I received a report from one of our security monitoring systems about one of our probes (#17846) - https://atlas.ripe.net/probes/17846/ which appears to be infected with Tinba: > Security incident #1 - Tinba infection > Involved internal Hosts: > atlas-probe.cc.biu.ac.il 132.70.248.150 spotted since > 2016-06-30 > 23:58:54 till 2016-07-01 05:01:20 > Malicious activities found: > Tinba infection > related indication of compromise: > Communication with CnC > 192.112.36.4 > 192.203.230.10 > 192.228.79.201 > 192.33.4.12 > 192.36.148.17 > 193.0.14.129 > 198.41.0.4 > 198.97.190.53 > 199.7.83.42 > 199.7.91.13 > 202.12.27.33 Should we be worried? Thanks, Hank -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/ripe-atlas/attachments/20160705/f80d2390/attachment.html>
- Previous message (by thread): [atlas] Is there something up with atlas.ripe.net at the moment ?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]