177.71.233.220.static.exetel.com.au infected?
Posted: Tue Oct 06, 2009 9:40 pm
Hi,
This [1] article contains a list [2] of Linux machines that are allegedly infected with "dt_ssh5", an SSH brute-force script. The domain "177.71.233.220.static.exetel.com.au" appears in this list, and a ping tells me that there really is a machine at this address. Perhaps Exetel would like to contact the owner of this machine and tell them that they need to do a cleanup? Apparently the script dt_ssh5 typically appears somewhere in the /tmp hierarchy (though that might be the least of their problems).
Addition: A reverse DNS lookup [3] says the IP address corresponds to the domain "4Digital.com.au".
Regards
John
[1] http://bsdly.blogspot.com/2009/10/third ... armed.html
[2] http://www.bsdly.net/~peter/sept30-brut ... -10-04.txt
[3] http://www.domaintools.com/reverse-ip/? ... 233.71.177