Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion
  Previous topic | Next topic 
Author Message
Dahak
PostPosted: Thu Jan 14, 2010 11:36 am 
Offline
Senior Newbie

Joined: Wed Jun 18, 2008 10:44 am
Posts: 15
http://arstechnica.com/security/news/20 ... attack.ars
Top
   
Reply with quote  
caker
 Post subject:
PostPosted: Thu Jan 14, 2010 11:39 am 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
If you read the quote carefully, it says it currently points to a Linode.

-Chris
Top
   
Reply with quote  
waldo
 Post subject:
PostPosted: Thu Jan 14, 2010 1:16 pm 
Offline
Senior Member

Joined: Thu May 21, 2009 3:19 am
Posts: 336
Will you guys release more information? Like whether this was a malicious user or someone who was compromised?
Top
   
Reply with quote  
Guspaz
 Post subject:
PostPosted: Thu Jan 14, 2010 1:20 pm 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
Normally, few companies would reveal any information like that. Although, in this case, with both Adobe and Google publicly pointing the finger at China, this is anything but a normal case.
Top
   
Reply with quote  
saiboogu
 Post subject:
PostPosted: Thu Jan 14, 2010 1:26 pm 
Offline
Senior Newbie

Joined: Sun Nov 22, 2009 12:16 pm
Posts: 15
I may have misread (it isn't entirely clear) but my read of it is that a dynamic DNS hostname was involved, and that hostname now points to a Linode. Maybe it was parked, maybe it was recycled.. But there's no claim that a Linode was involved in the actual attack.
Top
   
Reply with quote  
spearson
 Post subject:
PostPosted: Thu Jan 14, 2010 1:47 pm 
Offline
Senior Member

Joined: Thu Dec 04, 2008 10:55 am
Posts: 57
Location: New Jersey
I've been getting several brute force SSH attacks on my Fremont node from either Atlanta or Femont. :\

Most notably: 74.207.232.105 (li74-105.members.linode.com)


Last edited by spearson on Thu Jan 14, 2010 1:50 pm, edited 1 time in total.

Top
   
Reply with quote  
rainycity10
PostPosted: Thu Jan 14, 2010 1:48 pm 
Offline

Joined: Thu Jan 14, 2010 1:42 pm
Posts: 1
I'm very interested to hear where this investigation has gone. It would help the company if you could prove that they weren't using Linode servers to launch these attacks.
Top
   
Reply with quote  
Guspaz
 Post subject:
PostPosted: Thu Jan 14, 2010 2:11 pm 
Offline
Senior Member
User avatar

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
rainycity10: More likely a Linode was rooted, making Linode as much of a victim here as the other companies.


Last edited by Guspaz on Thu Jan 14, 2010 7:23 pm, edited 1 time in total.

Top
   
Reply with quote  
mnordhoff
 Post subject:
PostPosted: Thu Jan 14, 2010 2:37 pm 
Offline
Senior Member

Joined: Sat May 03, 2008 4:01 pm
Posts: 569
Website: http://www.mattnordhoff.com/
spearson wrote:
I've been getting several brute force SSH attacks on my Fremont node from either Atlanta or Femont. :\

Most notably: 74.207.232.105 (li74-105.members.linode.com)


If you're getting attacked by Linodes, please email logs to abuse@linode.com. Unlike some ISPs, Linode is actually responsive. That's why we use them! ;-)
Top
   
Reply with quote  
spearson
 Post subject:
PostPosted: Thu Jan 14, 2010 3:49 pm 
Offline
Senior Member

Joined: Thu Dec 04, 2008 10:55 am
Posts: 57
Location: New Jersey
Guspaz wrote:
spearson: Brute force SSH attacks will be found on any and every Linux box that exposes SSH to the net, especially servers.


Yes, I know that. This was the first time (January 9) I've seen a brute force attack from another Linode in my year and a half of being a Linode user. Just figured I'd mention it.

mnordhoff wrote:
If you're getting attacked by Linodes, please email logs to abuse@linode.com. Unlike some ISPs, Linode is actually responsive. That's why we use them!


I'll do that next time. It seems like the host who attacked me no longer exists (or at least pinging doesn't work).
Top
   
Reply with quote  
ohkus
 Post subject:
PostPosted: Thu Jan 14, 2010 4:54 pm 
Offline
Senior Member

Joined: Fri Jun 13, 2008 4:11 pm
Posts: 65
Website: http://www.skafari.com
I didn't know Caker was chinese? :-P
Top
   
Reply with quote  
mnordhoff
 Post subject:
PostPosted: Thu Jan 14, 2010 5:24 pm 
Offline
Senior Member

Joined: Sat May 03, 2008 4:01 pm
Posts: 569
Website: http://www.mattnordhoff.com/
Well he wouldn't be a very effective spy if we knew! ;-)

(Kidding, kidding!)
Top
   
Reply with quote  
caker
 Post subject:
PostPosted: Thu Jan 14, 2010 5:32 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
I read your email.
Top
   
Reply with quote  
zunzun
 Post subject:
PostPosted: Thu Jan 14, 2010 8:19 pm 
Offline
Senior Member

Joined: Fri Feb 18, 2005 4:09 pm
Posts: 594
caker wrote:
I read your email.


Ah, but you are still awake -so you didn't read any of mine.

James
Top
   
Reply with quote  
zibeli
 Post subject:
PostPosted: Fri Jan 15, 2010 9:06 am 
Offline
Senior Newbie

Joined: Sun Apr 25, 2004 3:32 pm
Posts: 13
caker wrote:
I read your email.

Good, can I get you to reply to it as well? ;-)
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » General Discussion


Who is online

Users browsing this forum: No registered users and 5 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group