> I contacted Eli Klein <elijah@firstlink.com> earlier today regarding this.
> It would appear he was unaware (Or says this) that his server was
> used in this attack (He runs spatula.aclue.com, the server that was
> used in the back door).
>
> I was kind of amazed CERT or Sendmail or anyone for that matter hadn't tried
> to contact him. It would be apparent that the interest in actually figuring
> out who hacked Sendmail's ftp site, is little to none. Unless of course they
> were just assuming someone was trying to frame Mr. Klein :P

I'm not too surprised. My server was used in a similar manner to control the
fragrouter backdoor (the culprit got on my box through the previously trojaned
irssi). I would've thought somebody would have contacted me to see if I could
help track down the perpetrator, but I never heard anything (except from a
Security Focus reporter). I guess people just assume that there's not going to
be any evidence anyway, so there's no point in contacting the server admin.

----------------------------------------------------------------------------
Kim Scarborough                                  http://www.unknown.nu/kim/
----------------------------------------------------------------------------