March 22, 2005
Hacking Spam? WTF?
This is a first for me. I was going over my server's log report this morning and I noticed 218 authentication failures from a domain name that implies that the company does security consulting. I checked the site and sure enough, they're a "tiger team." Is this a new method of spam, getting their domain and IP in server logs to get admins to check them out?
If you think you've gotten scanned by the same company, their netblock is 216.200.97.0/24 but I don't want to link to them directly. So are they scanning my server to get me to visit their site? The website comes up if you go to the IP, so someone checking out their obvious brute force attack would find it.
The strangest part about this is that if this is a ploy for business, it's a bad one. Penetration testing requires a large amount of trust, and if you're attacking my server to get my business you're not exactly endearing yourself to me. It doesn't rank high on the list of sound marketing decisions.
The only other scenario I can think of is if someone is using their tools to scan lots of servers, which would speak pretty poorly of the security testing company's ability to secure things. Still bad publicity, but at least it doesn't have the malicious intent of spamming.
TrackBack URL: http://mt.gnerd.net/mt-gnerd-tb.cgi/404
Maybe they've been hacked.
Posted by: tom at March 22, 2005 09:38 AMwhat's your take on the hole "PyMusique" affair ?
Posted by: Jonas at March 23, 2005 07:21 AMI think their project statement says it better than I could. They want to pay for music, but they don't want to pay for DRM.
Posted by: George Hotelling at March 24, 2005 10:24 AMSorry, comments are closed.