From - Wed Sep 10 14:45:43 1997
Received: from bingy.acs.uci.edu by nis.acs.uci.edu (8.8.5) id OAA17950; Wed, 10 Sep 1997 14:28:22 -0700 (PDT)
Received: by bingy.acs.uci.edu (8.8.5) id OAA22790; Wed, 10 Sep 1997 14:27:00 -0700 (PDT)
Path: news.service.uci.edu!news.cs.ucr.edu!nntp.info.ucla.edu!news.maxwell.syr.edu!Cabal.CESspool!bofh.vszbr.cz!lyra.csx.cam.ac.uk!nmm1
From: nmm1@cus.cam.ac.uk (Nick Maclaren)
Newsgroups: comp.security.unix
Subject: Re: European hacker attacks becoming rampant?
Date: 5 Sep 1997 08:06:59 GMT
Organization: University of Cambridge, England
Lines: 33
Message-ID: <5uoej3$ldn$1@lyra.csx.cam.ac.uk>
References: <5unnut$sr5$2@artemis.it.luc.edu> <5uobpr$r1h@hippo.ru.ac.za>
NNTP-Posting-Host: taurus.cus.cam.ac.uk
Content-Type: text
Content-Length: 1615

In article <5uobpr$r1h@hippo.ru.ac.za>,
F.F. Jacot Guillarmod <Jacot@ru.ac.za> wrote:
>
>In <5unnut$sr5$2@artemis.it.luc.edu> sandell@sparky.parmly.luc.edu (Gregory J. Sandell) writes:
>
>>I got attacked by hackers from Sweden between June and August.  I
>>mentioned it on this newsgroup, and many people wrote back to say they
>>had the same experience, around the same time (in some cases).  Just
>>today a dept. at Univ. of Chicago got attacked from someone in Germany,
>>and someone on this newsgroup from Sweden just reported an attack.  Are
>>we witnessing some sort of 'movement'??
>
>We're certainly seeing a large number of probes on our networks.  This
>seems to have started up (from our perspective) over the last week or so.
>Another South African site, ccwr.ac.za, got cleaned out about two or
>three weeks back but I have no details of this incident.

Do we know whether the HACKER is in Europe, or he/she/it is using a
European site to cover his traces?  Some years back, the UK had a
lot of trouble with hacking from the USA, but the reason was that the
USA was full of insecure sites that could be used for intermediaries;
in fact, most of the hackers that were caught were from the UK.

We could easily be seeing the converse - insecure sites in Europe being
used as intermediaries by hackers from outside.  Whatever the reason,
the solution is the same - those sites need to get their act together!


Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email:  nmm1@cam.ac.uk
Tel.:  +44 1223 334761    Fax:  +44 1223 334679

