[prev in list] [next in list] [prev in thread] [next in thread]
List: incidents
Subject: Re: What the hell is with Korea?!
From: "Cho, Douglas" <douglas.cho () MAIL ! A3SC ! CO ! KR>
Date: 2000-09-21 22:03:45
[Download RAW message or body]
�$)C
This is strange accusation, if I understood your message correctly.
So far I saw many cases complaining about network scans from Korea.
However, I think we found that such attacks were not even originated from
Korea.
Commonly, it came from overseas and went back to other side of the world.
This is sad but true.
We do have two or more public intelligence agencies in Korea, but I never
heard if they do any information warfare stuff, yet.
If you want to complain about scans, just focus on that. Please don't go
to far about the conspiracy theory.
BTW, 210.219.251.228 belongs to a company selling some sound card products
in Korea.
Douglas (DoKeun) Cho
====================================
Chief Consultant/Director
CISA, CPA, MCSE, CCNA
A3 Security Consulting Co., Ltd.
TEL: +82 2 332 3042
FAX: +82 2 332 5524
=================================
"J. Stutzman"
<henrybasset@CHESAP �<v=E@N�: \
INCIDENTS@SECURITYFOCUS.COM EAKE.NET> �B|A6@N�:
�9_=E@N�: Incidents �A&8q�: Re: [INCIDENTS] What \
the hell is with Korea?! Mailing List
<INCIDENTS@SECURITY
FOCUS.COM>
2000-09-21 06:34 AM
jstutzman �?!0T� �H8=E�
�GO?)� �AV=J=C?@�.
For all you folks being hacked from Korea. Don't summarily discount the
hacks
as anklebiters. I do a presentation showing competitive intelligence
threats.
One of the CI agencies in the brief is the Korean Agency for Defense
Development. You can check them out online, or there's a good explaination
of
their activies at http://www.nmjc.org/aoard/9425.html. This is the short
version. Take a look, it's worth the read. (maybe a minutes worth of text).
It's an important note that not every hacker is a fat kid having fun on the
computer in his basement.
Jeff Stutzman
www.info-security.net
Healthcare ISAC
LOS Ralph wrote:
> Hello readers,
> Can someone tell me what this was/is? I traced the owner - duh -
> some Korean IP, and sending them email to this regard just generates an
> auto-replay that it's improperly formatted....now I have to go through
the
> hassle of trying to communicate with these hostmaster(s) over there.
>
> If anyone can shed light on this, please do.
>
> Ralph M. Los
> Internet Systems & Security Admin. (312) 827-3945 (direct)
> EnvestNet Advisory Corp. (312) 296-9003 (wireless)
> rlos@envestnet.com
>
> 09/17/2000 04:56:46.816 - TCP connection dropped -
> Source:210.219.251.228, 4436, WAN -
> Destination:63.140.7.27, 59, LAN - - Rule 22
> 09/17/2000 04:56:47.544 - TCP connection dropped -
> Source:210.219.251.228, 4477, WAN - Destination:63.140.7.68, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.544 - TCP connection dropped -
> Source:210.219.251.228, 4494, WAN - Destination:63.140.7.85, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.544 - TCP connection dropped -
> Source:210.219.251.228, 4479, WAN - Destination:63.140.7.70, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.544 - TCP connection dropped -
> Source:210.219.251.228, 4481, WAN - Destination:63.140.7.72, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.544 - TCP connection dropped -
> Source:210.219.251.228, 4507, WAN - Destination:63.140.7.98, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.560 - TCP connection dropped -
> Source:210.219.251.228, 4498, WAN - Destination:63.140.7.89, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.560 - TCP connection dropped -
> Source:210.219.251.228, 4499, WAN - Destination:63.140.7.90, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.560 - TCP connection dropped -
> Source:210.219.251.228, 4536, WAN - Destination:63.140.7.127, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.560 - TCP connection dropped -
> Source:210.219.251.228, 4500, WAN - Destination:63.140.7.91, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.576 - TCP connection dropped -
> Source:210.219.251.228, 4506, WAN - Destination:63.140.7.97, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.576 - TCP connection dropped -
> Source:210.219.251.228, 4508, WAN - Destination:63.140.7.99, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.576 - TCP connection dropped -
> Source:210.219.251.228, 4511, WAN - Destination:63.140.7.102, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.576 - TCP connection dropped -
> Source:210.219.251.228, 4515, WAN - Destination:63.140.7.106, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4523, WAN - Destination:63.140.7.114, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4525, WAN - Destination:63.140.7.116, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4528, WAN - Destination:63.140.7.119, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4533, WAN - Destination:63.140.7.124, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4538, WAN - Destination:63.140.7.129, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4541, WAN - Destination:63.140.7.132, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4540, WAN - Destination:63.140.7.131, 59, LAN
-
> - Rule 22
> 09/17/2000 04:56:47.592 - TCP connection dropped -
> Source:210.219.251.228, 4542, WAN - Destination:63.140.7.133, 59, LAN
-
> - Rule 22
> 09/17/2000 04:58:35.544 - TCP connection dropped -
> Source:210.219.251.228, 3076, WAN - Destination:63.140.7.24, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.544 - TCP connection dropped -
> Source:210.219.251.228, 3077, WAN - Destination:63.140.7.25, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3065, WAN - Destination:63.140.7.13, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3071, WAN - Destination:63.140.7.19, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3073, WAN - Destination:63.140.7.21, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3067, WAN - Destination:63.140.7.15, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3068, WAN - Destination:63.140.7.16, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3176, WAN - Destination:63.140.7.124, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3070, WAN - Destination:63.140.7.18, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3181, WAN - Destination:63.140.7.129, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3069, WAN - Destination:63.140.7.17, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
> 09/17/2000 04:58:35.560 - TCP connection dropped -
> Source:210.219.251.228, 3072, WAN - Destination:63.140.7.20, 53, LAN
-
> 'Name Service (DNS)' - Rule 22
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic