28 May 2003
Yesterday there was an intrusion into the Cryptome administrator's home network from an address perhaps in the Washington DC area, or spoofed from that area:

Time                     Event              Intruder      Count
------------------------------------------------------------
05/27/2003 07:46:24 AM,  TCP data changed,  192.20.5.56,  16
The address is shown on Google as belonging to ATT Wireless services, so it could have come from anywhere, including by a variation of the newly introduced wireless spam attack described here:
http://cryptome.org/att-spam.htm
Wireless attacks on the net are on the increase because it is easy to originate hard-to-trace attacks through wireless telephone gateways, and because access to unrestricted Wi-Fi services is widening. These means are likely to be used by criminal attackers and by snoopers from intelligence agencies who wish to cloak their origins.
Trace of the address:
===================================================
=== VisualRoute report on 28-May-03 11:20:52 AM ===
===================================================

Report for 192.20.5.56

Analysis: IP packets are being lost past network "12.127.208.0" at hop 17. There is insufficient cached information to determine the next network at hop 18.

--------------------------------------------------------------------------------------------------------------------------------------
| Hop | %Loss   | IP Address      | Node Name                      | Location            | Tzone  | ms  | Graph      | Network       |
--------------------------------------------------------------------------------------------------------------------------------------
| 0   | Omitted |
| 1   |         | 10.39.160.1     | -                              | ...                 |        | 0   | x          | (private use) |
| 2   |         | 24.29.98.101    | pos2-0-nycmnyg-ubr5.nyc.rr.com | New York, NY, USA   | -05:00 | 0   | x          | 24.29.98.0    |
| 3   |         | 24.29.98.97     | pos0-2-nycmnyg-rtr1.nyc.rr.com | New York, NY, USA   | -05:00 | 0   | x          | 24.29.98.0    |
| 4   |         | 24.29.98.5      | pos4-0.nycmnyb-rtr1.nyc.rr.com | New York, NY, USA   | -05:00 | 3   | x          | 24.29.98.0    |
| 5   |         | 24.29.101.222   | pos2-0-nycmnyb-rtr2.nyc.rr.com | New York, NY, USA   | -05:00 | 1   | x          | 24.29.101.0   |
| 6   |         | 24.29.97.21     | pos3-0-nycmnyd-rtr1.nyc.rr.com | New York, NY, USA   | -05:00 | 1   | x          | 24.29.97.0    |
| 7   |         | 24.29.97.38     | pos5-3-nycmnya-rtr2.nyc.rr.com | New York, NY, USA   | -05:00 | 6   | x          | 24.29.97.0    |
| 8   |         | 66.185.137.21   | pop2-new-P0-3.atdn.net         |                     |        | 0   | x          | 66.185.137.0  |
| 9   |         | 66.185.137.18   | bb2-new-P0-1.atdn.net          |                     |        | 3   | x          | 66.185.137.0  |
| 10  |         | 66.185.152.196  | bb1-nye-P4-0.atdn.net          |                     |        | 1   | x-         | 66.185.152.0  |
| 11  |         | 66.185.151.65   | pop2-nye-P0-0.atdn.net         |                     |        | 7   | x--------- | 66.185.151.0  |
| 12  |         | 192.205.32.217  | cw-gw.stwwa.ip.att.net         | Seattle, WA, USA    | -08:00 | 48  | --x-----   | 192.205.32.0  |
| 13  |         | 12.123.3.57     | -                              |                     |        | 0   | x          | 12.123.3.0    |
| 14  |         | 12.122.10.54    | tbr1-p012501.wswdc.ip.att.net  | Washington, DC, USA | -05:00 | 16  | x-         | 12.122.10.0   |
| 15  |         | 12.122.11.166   | gbr2-p10.wswdc.ip.att.net      | Washington, DC, USA | -05:00 | 15  | x-         | 12.122.11.0   |
| 16  |         | 12.123.8.41     | ar1-a300s5.wswdc.ip.att.net    | Washington, DC, USA | -05:00 | 16  | x-         | 12.123.8.0    |
| 17  |         | 12.127.208.218  | -                              |                     |        | 32  | x-         | 12.127.208.0  |
| ... |         |                 |                                |                     |        |     |            |               |
| ?   |         | 192.20.5.56     | -                              |                     |        |     |            | 192.20.5.0    |
--------------------------------------------------------------------------------------------------------------------------------------

Roundtrip time to 12.127.208.218, average = 32ms, min = 31ms, max = 46ms -- 28-May-03 11:20:52 AM
The intrusion was reported to the ATT technical contact:

TechName: Compton, Leona
TechPhone: +1-407-805-6714
TechEmail: lcompton@att.com