[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Ford Motors IT Contact

To: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] Ford Motors IT Contact
From: Simon Smith <simon@xxxxxxxxxxx>
Date: Tue, 27 May 2008 16:27:15 -0400

Indeed, that is the IP address.

        That IP address appears to be bound to some sort of a VPN system for 
ford. Perhaps its infected VPN users?

Michael Holstein wrote:
> 
>> In response to them still being infected with sql slammer and it 
>> probing my networks regularly.
>>   
> Let me guess .. it's 136.1.7.55 ?
> 
> Here's what I get (from ford) every time that IP pops up in our 
> automated abuse report ..
> 
> --snip--
> 
> Our investigation into this matter has determined that the recent onset
> of attacks from this IP is the result of the IP being forged by an
> external party.  External parties will commonly use IP addresses that
> belong to large organizations to mask network traffic.
> 
> --snip--
> 
> Cheers,
> 
> Michael Holstein
> Cleveland State University
> 
> 

-- 

- simon

----------------------
http://www.snosoft.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Ford Motors IT Contact
  - From: Simon Smith
- Re: [Full-disclosure] Ford Motors IT Contact
  - From: Gary Wilson
- Re: [Full-disclosure] Ford Motors IT Contact
  - From: Nate McFeters
- Re: [Full-disclosure] Ford Motors IT Contact
  - From: Simon Smith
- Re: [Full-disclosure] Ford Motors IT Contact
  - From: Michael Holstein

Prev by Date: Re: [Full-disclosure] Ford Motors IT Contact
Next by Date: Re: [Full-disclosure] Ford Motors IT Contact
Previous by thread: Re: [Full-disclosure] Ford Motors IT Contact
Next by thread: [Full-disclosure] [SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities
Index(es):
- Date
- Thread