[atlas] Is the Atlas probe hackable?
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mark Santcroos
mark at santcroos.net
Tue Jul 5 14:20:09 CEST 2016
FYI: the addresses are those of the root name servers. On Tue, Jul 5, 2016 at 2:15 PM, Hank Nussbacher <hank at efes.iucc.ac.il> wrote: > I received a report from one of our security monitoring systems about one of > our probes (#17846) - https://atlas.ripe.net/probes/17846/ which appears to > be infected with Tinba: > > >> Security incident #1 - Tinba infection > >> Involved internal Hosts: > >> atlas-probe.cc.biu.ac.il 132.70.248.150 spotted since > >> 2016-06-30 > >> 23:58:54 till 2016-07-01 05:01:20 > >> Malicious activities found: > >> Tinba infection > >> related indication of compromise: > >> Communication with CnC > >> 192.112.36.4 > >> 192.203.230.10 > >> 192.228.79.201 > >> 192.33.4.12 > >> 192.36.148.17 > >> 193.0.14.129 > >> 198.41.0.4 > >> 198.97.190.53 > >> 199.7.83.42 > >> 199.7.91.13 > >> 202.12.27.33 > > > Should we be worried? > > > Thanks, > > Hank
- Previous message (by thread): [atlas] Is the Atlas probe hackable?
- Next message (by thread): [atlas] Is the Atlas probe hackable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]