Novell server under attack

Hackers not playing the game

A company server at Novell, apparently used by employees for gaming purposes, has been hacked to scan for vulnerable ports on potentially millions of computers worldwide.

Chris Brandon, president of Brandon Internet Security, reported the problem to Novell. He said he had been first alerted to the hack when a client reported scanning activity several days ago.

The scans, which have been going on since 21 September, use Port 22 - the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and move files between machines in a secure fashion. Scans against the port are often an indication that hackers are looking for vulnerable SSH systems that they can break into and take control of.

Kevan Barney, a Novell spokesman, Wednesday confirmed that one of the company’s systems had been compromised. But he added that the server was not part of the company’s corporate network nor was it a production server.

According to Brandon, the scans were traced back to a server with an IP address assigned to Novell. The hacked system appeared to be running a mail server for a gaming site called Neticus, and the main game web page for Neticus.com was hosted on a separate server that also belonged to Novell.

Going by the large number of IP blocks scanned by the attacking server, it is safe to assume that "millions" of computers may have been probed for SSH-related weaknesses, he said.

"The employees that set it up apparently had no idea of security," Brandon said. "But what is really surprising is that Novell would allow employees to set up game servers on their corporate network and then allow the public to access it."

Logs documenting the scans from the Novell-owned computer were made available to Computerworld by Brandon. One of them is available online.
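As an added example (not part of the article and not taken from Brandon's logs), the sketch below shows how a defender could flag the pattern described here: one source sending connection attempts to port 22 on many different hosts and address blocks. The iptables-style log format, the sample lines, the documentation-range addresses and the `min_hosts` threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

def _line(src, dst, dpt):
    # Constructed iptables-style firewall line (assumed format, not a real log).
    return (f"Sep 21 03:14:07 fw kernel: DROP IN=eth0 SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40001 DPT={dpt} SYN")

# Constructed sample: one scanner, one ordinary admin, one malformed entry.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", f"198.51.100.{i}", 22) for i in (1, 2, 3)]
    + [_line("192.0.2.10", f"203.0.113.{i}", 22) for i in (5, 6, 7)]
    + [_line("192.0.2.77", "198.51.100.1", 22)] * 4  # same host, repeated logins
    + [_line("192.0.2.10", "198.51.100.9", 80)]      # other port, ignored
    + [_line("not-an-ip", "198.51.100.1", 22)]       # malformed source, skipped
)

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP .*?DPT=(?P<dpt>\d+)\b.*\bSYN\b"
)

def find_ssh_scanners(log_text, min_hosts=5, port=22):
    """Return {source: (distinct hosts, distinct /24 blocks)} for every source
    whose SYNs to `port` reach at least `min_hosts` different destinations."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) != port:
            continue
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # unparseable address: do not let it skew the counts
        targets[str(src)].add(dst)
    report = {}
    for src, dsts in targets.items():
        if len(dsts) >= min_hosts:
            # Group destinations by /24 (IPv4 sample data) to show the spread.
            blocks = {ip_network(f"{d}/24", strict=False) for d in dsts}
            report[src] = (len(dsts), len(blocks))
    return report

if __name__ == "__main__":
    for src, (hosts, blocks) in find_ssh_scanners(SAMPLE_LOG).items():
        print(f"{src}: port 22 SYNs to {hosts} hosts in {blocks} /24 blocks")
```

Counting distinct destinations rather than raw packets keeps a single administrator who logs into one server many times from being reported as a scanner.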

Barney said that both servers - the one hosting the gaming website and the server that scanned for vulnerable ports on other machines - were test systems outside the company’s firewalls. He also denied that the server hosting the main game web page was actually being used by gamers. Instead, it appears to have been used only to host game-related information, he said.

"There was no major breach of security here," Barney said. "Needless to say, we are taking the appropriate steps" to address the situation.

Attempts to access the Neticus site this afternoon were unsuccessful. But a search for the site yielded references to a group called the Neticus Guild, which described itself as World of Warcraft players. The site appears to have been administered by someone using a Novell.com address.


Comments

Contacted By Christopher | Published: 21:54 GMT, 30 June 2009

This guy contacted me today saying he wanted to talk to our lawyers about Spamming Practices. He kept saying he would "settle this out of court". Did not say how much he wanted. I wonder if he is a scam.

The Truth | Published: 20:01 GMT, 11 April 2009

Funny how there are so many searches today for "Chris Brandon". I ran across this article and was curious, so I decided to do a little investigating of my own. He claims that he "checked out" Kathy Reeves and that her residence is a legitimate "mail drop". However, when he was arrested in 2001 for No Operator's License which turned into a Failure To Appear, he was listed in court as residing at that address. I did further Birth records checks and confirmed the date of birth. The phone number is also listed in her name, and he answers it regularly. The house was purchased for $120K, which does not lend credence to assertions of being an executive. Furthermore, property searches and business searches in NC and surrounding states showed no ownership of property or business licenses. I would say that these simple and easily verifiable contradictions would have to make you think twice before believing anything he says. If anyone has any further info about him, please post it.

concerned2 | Published: 19:49 GMT, 11 April 2009

The address used as Brandon's 'mail drop' house was used as his residence on his arrest for driving without a license (later adding failure to appear) in 2001. This man has issues, and I, too, feel sorry for him. http://www.recordslogin.com/members/?stid=894grepk87rnmdr40ul4verha2

Concerned | Published: 19:45 GMT, 11 April 2009

Chris Brandon's 'mail drop' address was listed on his arrest information for driving without a license (later developing to failure to appear) as his residence. This man has some issues. I, too, feel sorry for him. He is not credible. http://www.recordslogin.com/members/?stid=894grepk87rnmdr40ul4verha2

A concerned citizen | Published: 18:58 GMT, 11 April 2009

Christopher Brandon has a screw or two loose. One would think that if "Brandon Internet Security" was a reputable company, then they would at least have a website found through Google or Yahoo searches. Anyone ever heard of a computer related company without a website? The Reeves house is not a mail drop, and has been the phone number in use by him for years. There are no property records or business records to be found on him. If he were the computer expert so highly touted, he probably would have more recent news. He is the kind that believes in conspiracy theories, and you have to feel a little sorry for him.

christopher brandon brandon internet security | Published: 00:52 GMT, 11 April 2009

Someone showed me this post today and I laughed so hard! First point is that the people that posted those lies are clearly desperate that they have to make up lies and Second, the FBI doesn't have ANY cases they discuss with the public and I haven't been charged with anything... Ever! So it's now April 2009 so that's a lie, and the woman named below, I checked out, does provide a mail forwarding service and I don't reside there. Check out the other press from Computerworld etc by valid investigative reporters who have already verified the facts for years and the article above since 2000. Since free speech is allowed, this is clear evidence that some of the scammers I have shut down in the past are angry and I'm glad!

Unknown | Published: 23:27 GMT, 25 September 2008

Chris Brandon lives in a house owned by a woman named Kathryn Reeves. His company does not exist! He lives in Indian Trail, North Carolina.

Concerned | Published: 00:00 GMT, 12 September 2008

Chris Brandon is not the President of anything. He is being investigated for Identity theft and fraud by the FBI.
