
RE: [suse-security] Re: Backdoor over http(s)??



<SNIP>
> > 218.234.171.84 - From where the files are downloaded

Korea - not sure what it is, but whois returns some useful information
along with a whole lot of Korean stuff:
IP Address         : 218.234.170.0-218.234.171.255
Network Name       : HANANET-HIGHBAN-PUSANINFORMATION
Connect ISP Name   : HANANET
[ Organization Information ]
Orgnization ID     : ORG251097
Org Name           : PUSANINFORMATION
State              : PUSAN
Address            : 364-5 DEOKPO2-DONG SASANG-GU
Zip Code           : 617-815
[ Admin Contact Information]
Name               : YONGSU JEONG
Org Name           : PUSANINFORMATION
State              : PUSAN
Address            : 364-5 DEOKPO2-DONG SASANG-GU
Zip Code           : 617-815
Phone              : +82-51-303-7575
Fax                : +82-51-303-7575
E-Mail             : jys@xxxxxxxxxxx
[ Technical Contact Information ]
Name               : YONGSU JEONG
Org Name           : PUSANINFORMATION
State              : PUSAN
Address            : 364-5 DEOKPO2-DONG SASANG-GU
Zip Code           : 617-815
Phone              : +82-51-303-7575
Fax                : +82-51-303-7575
E-Mail             : jys@xxxxxxxxxxx


> > 163.17.51.8    - Where the application connects to when it is run on the

Taiwan Academical (Script kiddies?)
inetnum:      163.17.0.0 - 163.17.255.255
netname:      TANET
descr:        Taiwan Academic Network
descr:        Ministry of Education computer Center
descr:        12F, No 106, Sec. 2, Heping E. Rd., Taipei
country:      TW
admin-c:      TA61-AP
tech-c:       TA61-AP
mnt-by:       MAINT-TW-TWNIC
changed:      hostmaster@xxxxxxxxxxxx 20030620
address:      Ministry of Education computer Center
address:      12F, No 106, Sec. 2, Heping E. Rd., Taipei
address:      Taipei Taiwan
country:      TW
phone:        +886-2-2737-7010 ext. 305
fax-no:       +886-2-2737-7043
e-mail:       tanetadm@xxxxxxxxxx
nic-hdl:      TA61-AP
mnt-by:       MAINT-TW-TWNIC
changed:      hostmaster@xxxxxxxxx 20020507
source:       APNIC


It may be worth dropping some emails to the technical contacts - the
advantage of it being academical is that they may be more interested in
keeping their networks clean.

Regards
Hubba




