View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions Ars points finger for Chinese attack at Linode?
Log in to Ask a Question

Ars points finger for Chinese attack at Linode?

general

http://arstechnica.com/security/news/20 … attack.ars">http://arstechnica.com/security/news/2010/01/researchers-identify-command-servers-behind-google-attack.ars

15 Replies

Linode Staff

If you read the quote carefully, it says it currently points to a Linode.

-Chris

Will you guys release more information? Like whether this was a malicious user or someone who was compromised?

Normally, few companies would reveal any information like that. Although, in this case, with both Adobe and Google publicly pointing the finger at China, this is anything but a normal case.

I may have misread (it isn't entirely clear) but my read of it is that a dynamic DNS hostname was involved, and that hostname now points to a Linode. Maybe it was parked, maybe it was recycled.. But there's no claim that a Linode was involved in the actual attack.

I've been getting several brute force SSH attacks on my Fremont node from either Atlanta or Femont. :\

Most notably: 74.207.232.105 (li74-105.members.linode.com)

I'm very interested to hear where this investigation has gone. It would help the company if you could prove that they weren't using Linode servers to launch these attacks.

rainycity10: More likely a Linode was rooted, making Linode as much of a victim here as the other companies.

@spearson:

I've been getting several brute force SSH attacks on my Fremont node from either Atlanta or Femont. :\

Most notably: 74.207.232.105 (li74-105.members.linode.com)

If you're getting attacked by Linodes, please email logs to abuse@linode.com. Unlike some ISPs, Linode is actually responsive. That's why we use them! ;-)

@Guspaz:

spearson: Brute force SSH attacks will be found on any and every Linux box that exposes SSH to the net, especially servers.

Yes, I know that. This was the first time (January 9) I've seen a brute force attack from another Linode in my year and a half of being a Linode user. Just figured I'd mention it.

@mnordhoff:

If you're getting attacked by Linodes, please email logs to abuse@linode.com. Unlike some ISPs, Linode is actually responsive. That's why we use them!

I'll do that next time. It seems like the host who attacked me no longer exists (or at least pinging doesn't work).

I didn't know Caker was chinese? :-P

Well he wouldn't be a very effective spy if we knew! ;-)

(Kidding, kidding!)

Linode Staff

I read your email.

@caker:

I read your email.

Ah, but you are still awake -so you didn't read any of mine.

James

@caker:

I read your email.
Good, can I get you to reply to it as well? ;-)

Linode Staff

Our official statement:

http://blog.linode.com/2010/01/15/linod … r-attacks/">http://blog.linode.com/2010/01/15/linode-and-the-google-cyber-attacks/

-Chris

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct