Hi Pozan-ga,
A "Netware Attack" is a specific type of attack which a malicious
hacker could attempt to use to gain entry into a computer system
running Novell NetWare.
Novell NetWare is defined as:
"...a network operating system (NOS) from Novell. Several different
versions of NetWare are currently (or have been) available. These
versions differ in the hardware they support, in the networking
services they provide, and in special features (such as fault
tolerance)."
"Unetra - Glossary of Terms"
http://www.unetra.com/glossary.html
To attempt to locate the source of this attack I ran a traceroute on
the IP Address:
traceroute to 205.188.247.229 (205.188.247.229), 30 hops max, 40 byte packets
1 office-router1.ntplx.net (204.213.176.100) 0.541 ms 0.339 ms 0.441 ms
2 hartford1.atm.ntplx.net (204.213.183.2) 1.636 ms 1.184 ms 1.246 ms
3 sl-gw27-nyc-2-0-TS10.sprintlink.net (144.223.36.245) 3.689 ms 4.892 ms 3.816 ms
4 sl-bb24-nyc-15-0.sprintlink.net (144.232.7.25) 4.029 ms 5.116 ms 4.105 ms
5 sl-gw37-nyc-1-0.sprintlink.net (144.232.13.66) 4.62 ms 4.215 ms 5.033 ms
6 sl-ameronl-16-0.sprintlink.net (144.232.228.74) 3.64 ms 3.633 ms 4.72 ms
7 bb2-nye-P0-0.atdn.net (66.185.151.50) 4.435 ms 4.018 ms 4.613 ms
8 bb2-vie-P8-0.atdn.net (66.185.152.201) 26.981 ms 27.184 ms 26.671 ms
9 bb2-dtc-P8-0.atdn.net (66.185.152.118) 8.658 ms 8.701 ms 9.099 ms
10 pop1-dtc-P15-0.atdn.net (66.185.140.7) 9.169 ms 9.049 ms 9.322 ms
11 ptne1-dc3-P0-0.atdn.net (66.185.145.190) 9.347 ms 9.273 ms 9.07 ms
12 * * *
13 * * *
It appears that the last hop is ptne1-dc3-P0-0.atdn.net, as the three
stars indicate that the traceroute has hit a firewall and cannot go
any further. I attempted to visit www.atdn.net, however all that is
displayed on the page is this:
www.atdn.aol.com - www.atdn.net
I then ran a WHOIS query on atdn.net to find the owner of the domain:
Domain Name: ATDN.NET
Registrant:
America Online, Inc.
22000 AOL Way
Dulles, VA 20166
US
Created on..............: Aug 18 1998 12:00AM
Expires on..............: Nov 15 2003 2:29PM
Record Last Updated on..: Nov 24 2002 7:11PM
Registrar...............: America Online, Inc.
http://whois.registrar.aol.com/whois/
Administrative, Technical Contact:
AOL Domain Administration (America Online, Inc.)
22000 AOL Way
Dulles, VA 20166
US
Tel. 703 265 4670
Email: domains@aol.net
Domain servers:
DNS-01.ATDN.NET
152.163.159.236
DNS-02.ATDN.NET
205.188.157.236
This appears to be somewhat of a dead end: the user from which the
attack originated was an America Online user. Due to the fact that
AOL has dynamic IP addresses (they change every time a user redials
AOL), it would be very difficult to trace back to the computer that
originated the attack. Even if it was possible, most individuals who
run such attacks do so on a mass scale - they scan thousands of
computers within minutes looking for one suitable to attack. Your
particular system probably was just one of many scanned and passed
over.
SEARCH STRATEGY: I used Google's Glossary
(http://labs.google.com/glossary) to find an accurate definition for
Novell NetWare. I then used my existing knowledge as a computer
consultant, and used NetworkSolution.com to run the WHOIS query on the
AOL domain.
WORKS CITED:
"Search Verisign WHOIS Records"
http://www.netsol.com/cgi-bin/whois/
"Unetra - Glossary of Terms"
http://www.unetra.com/glossary.html
I hope this information is of assistance to you. If you need any
additional clarification, please let me know,
rmn-ga
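
Added example (not part of rmn-ga's answer): the traceroute step described above as a small Python parser. It re-joins hop lines that were hard-wrapped like the pasted output, returns the last hop that answered, and derives the domain to look up in WHOIS. The sample output is constructed (documentation addresses, example names); the function names and the last-two-labels rule are assumptions of this example.

```python
import re
from collections import namedtuple

# Constructed sample: documentation addresses and example names, hard-wrapped
# mid-hop the same way the pasted traceroute output in the answer is.
SAMPLE = """\
traceroute to 203.0.113.229 (203.0.113.229), 30 hops max, 40 byte
packets
1 gw.office.example.org (192.0.2.1) 0.541 ms 0.339 ms
0.441 ms
2 edge1-dc3.carrier.example.net (198.51.100.190) 9.347 ms 9.273 ms 9.07
ms
3 * * *
4 * * *
"""

# host and ip are None when nothing answered at that TTL
Hop = namedtuple("Hop", "ttl host ip rtts_ms")

# A hop starts with a TTL followed by "*" or "name ("; a wrapped RTT such as
# "0.441 ms" does not match, so it is treated as a continuation line.
HOP_START = re.compile(r"^\s*(\d+)\s+(?:\*|\S+ \()")
HOST_IP = re.compile(r"(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms\b")

def parse_traceroute(text):
    """Re-join wrapped lines, then turn each hop into a Hop record."""
    joined = []
    for line in text.splitlines():
        if HOP_START.match(line):
            joined.append(line.strip())
        elif joined:  # continuation of the previous hop
            joined[-1] += " " + line.strip()
    hops = []
    for rec in joined:
        ttl = int(HOP_START.match(rec).group(1))
        m = HOST_IP.search(rec)
        rtts = tuple(float(x) for x in RTT.findall(rec[m.end():])) if m else ()
        hops.append(Hop(ttl, m.group(1) if m else None, m.group(2) if m else None, rtts))
    return hops

def last_responding_hop(hops):
    """Last hop that returned an address; every later TTL got no reply."""
    return next((h for h in reversed(hops) if h.ip), None)

def whois_candidate(host):
    """Assumption: registered domain = last two labels (wrong for e.g. co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])
```

The WHOIS record found this way describes the network that owns the last answering router, which is the same limit the answer runs into with a dynamic-IP provider.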