[AusNOG] Analysis of the Carna Botnet (Internet Census 2012)

PRK ausnog at digitaljunkie.net
Wed May 29 12:02:09 EST 2013


 

You're assuming it's the ISP's infrastructure with default credentials,
rather than the ISP's customer's CPE? 

prk. 

On 2013-05-29 11:43, Jake Anderson wrote: 

> telnet someserver.tpg.com
> ping tpgdns.tpg.com -f -l 1000 -p 436865636b204175736e6f67 -s 1450
> 
> MUWHAHAHAHAH!
> They may be a little less receptive to the idea of you being white hat however ;->
> 
> (for the lazy hex 43:68:65:63:6b:20:41:75:73:6e:6f:67 = "Check Ausnog" in the ascii realm)
> 
> On 29/05/13 11:05, Parth Shukla wrote: 
> 
>> Hey all, 
>> 
>> I am still looking for contacts for: TPG, Optus and iiNet! 
>> 
>> Someone did kindly forward my email to iiNet security team so I'll wait a day or two more to hear from them still… 
>> 
>> Anyone? Anything?! 
>> 
>> Cheers, 
>> 
>> Parth 
>> 
>> PARTH SHUKLA |Information Security Analyst 
>> 
>> AusCERT | Australia's premier computer emergency response team 
>> 
>> The University of Queensland | Brisbane QLD 4072 | Australia 
>> 
>> t: (07) 334 64537 |e: pparth at auscert.org.au w: www.auscert.org.au [2] 
>> 
>> Save a tree. Don't print this e-mail unless it's really necessary 
>> 
>> FROM: Parth Shukla [mailto:pparth at auscert.org.au] 
>> SENT: Tuesday, 28 May 2013 12:39 PM
>> TO: ausnog at lists.ausnog.net
>> SUBJECT: Re: Analysis of the Carna Botnet (Internet Census 2012) 
>> 
>> Hi All, 
>> 
>> I'm hoping most of you have had a chance to at least have a quick look at my presentation by now. 
>> 
>> I'm now after technical contacts for three of the four most prominent telcos that are present in the Australian data (slide 44 of my presentation). I am hoping to work with someone fairly technical in helping deal with the problem of vulnerable devices through default logins on telnet on their infrastructure. 
>> 
>> I'm after (generic and/or non-generic) technical and security focused contact details for: TPG, OPTUS AND IINET. 
>> 
>> The IP ranges for these three and Telstra represent 75% of compromised devices in Australia. I already have generic email for Telstra which I'll use but if someone here from Telstra wants to contact me directly please feel free. 
>> 
>> Could someone from these three please contact me off-list? If someone has good contacts in any of them, could you either a) forward my email to them asking them to contact me or b) email me their contact details off-list? 
>> 
>> I will be providing them with the part of the data that is relevant to their network. 
>> 
>> Cheers, 
>> 
>> Parth 
>> 
>> FROM: Parth Shukla [mailto:pparth at auscert.org.au] 
>> SENT: Friday, 24 May 2013 7:45 PM
>> TO: ausnog at lists.ausnog.net
>> SUBJECT: Analysis of the Carna Botnet (Internet Census 2012) 
>> 
>> Dear All, 
>> 
>> I have made my presentation on the Carna Botnet freely available for view and/or download: http://bit.ly/auscertcarna [3] 
>> 
>> This presentation is on the Compromised Devices of the Carna Botnet (also known as Internet Census 2012). This analysis is done from data obtained directly from the researcher. The data used is NOT publicly available for download. 
>> 
>> This was recently presented at the AusCERT Conference 2013. Info: http://conference.auscert.org.au/conf2013/speaker_Parth_Shukla.html [4] 
>> 
>> This presentation is freely available for viewing and downloading as I wish to spread awareness of the issues raised as a result of the Carna Botnet. 
>> 
>> I am sending this email as I suspect many of you will find the contents of this presentation interesting. Apologies to those who are subscribed to multiple mailing lists and are receiving this email multiple times as a result. Please forward this onto any mailing list or any individual who you think may appreciate the contents of the presentation. 
>> 
>> Regards, 
>> 
>> Parth 
>> 
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog [1]

 

Links:
------
[1] http://lists.ausnog.net/mailman/listinfo/ausnog
[2] http://www.auscert.org.au/
[3] http://bit.ly/auscertcarna
[4] http://conference.auscert.org.au/conf2013/speaker_Parth_Shukla.html