Hi all,

I am using Debian Etch (currently testing). Today I received the following warning from the abuse department of my ISP (pasted at the end). My ISP has suspended my internet connection due to this. However, I am not able to track down the cause of the problem. I am wondering if anyone could help me out or tell me a better place to contact...

I used Kopete some time back to contact Debian IRC channels. Other than that I have never heard of this undernet.org. I also cannot imagine a Debian machine (especially with etch being so near to becoming stable) being compromised as a zombie.

Here is what I have done so far:

1) I have looked in various log files but could not find any suspicious activity.
2) I tried to register at http://forum.undernet.org but their system is not allowing me to register my account.
3) I was not able to contact the original sender of the abuse report as there is no from address in the report forwarded to me.

My ISP's abuse department is closed for the weekend and I am trying to resolve this issue before approaching them on Monday.

Any ideas on how to determine+eliminate the root cause of this problem? Has anyone faced a similar problem before on Debian machines?

thanks
raju

*************************** abuse report forwarded to me ***************************

Good day,

We are contacting you in order to inform the Abuse Department of your ISP that the following IPs have been compromised by unknown persons:

Ip: 128.253.28.128
Complaint ticket: PJBP-2564

Abusers have been caught on IRC (Undernet.org Network) using the above IPs for loading IRC clients (floodbots, spambots, trojan spreading clients, etc.) involved in illegal activities such as DDoS, SPAMMING or Infected links/trojans spreading.

We would kindly appreciate your action to solve the hacked boxes or inform your customers about it in order to make sure the abusers won't be able anymore to use your services for such activities.

As we are a non-profit Anti Abuse Project organized on an IRC Network, please reply to our reporting e-mail, so this way we can keep track of our Solved/Declined requests.

Sincerely,
Lucia Munteanu

***************************