Computerworld - An internal Novell Inc. investigation of an apparent hack involving one of its computers revealed that the incident was less serious than was described by the security consultant who reported it to the company, a spokesman said today.
The company also asserted that several of the claims made by the researcher were inaccurate.
Chris Brandon, president of Brandon Internet Security in Alexandria, Va., on Wednesday had said that a server apparently set up for gaming purposes by some workers at Novell had been hacked and was being used to scan for vulnerable ports on millions of computers worldwide (see "Novell server hacked, used to scan for vulnerable computers").
According to Brandon, who said he told Novell about the problem on Tuesday, the scans began on Sept. 21 and were targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and securely move files between machines.
Brandon said he traced the scans to a server with an IP address assigned to Novell. He also said that the hacked system appeared to be running a mail server for a gaming site called Neticus.com that was hosted on a different Novell server.
Kevan Barney, a Novell spokesman, today confirmed that one of the company's severs had been scanning other systems. But the system wasn't running a mail server, as Brandon had claimed, nor was it connected to a game server in any fashion, he said. Barney described the hardware as a test server that was outside the company's firewalls and said at various times it has hosted several different operating systems.
Barney also challenged Brandon's claim that millions of computers had been scanned. "We see no evidence that the scans were so widespread, so we are not sure how he came up with that number," he said. Barney added that it's difficult to know exactly how many systems were scanned.
Brandon this afternoon insisted that forensics he has indicate that very large numbers of computers were being scanned and that the system that was doing that scanning was indeed running a mail server.
During the course of its investigation, the company did find a separate Novell-owned server that was hosting the Neticus.com game information site. But that server was in no way connected to the scanning activity, Barney said, and that site, which was run by a single employee, has since been taken down.
Neticus is the name of a now-defunct Internetservice provider owned by Novell that provided e-mail, Internet access and hosted newsgroups for Novell employees. The company is investigating how and why a Neticus server was used to host a game information site, Barney said.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
