Novell Server Was Used to Look for Vulnerable Ports on Other Computers Worldwide

Computerworld - A server belonging to Novell Inc. was hacked into and then used to scan for vulnerable ports on other computers, according to an Internet security consultant who reported the problem to Novell last week.
Chris Brandon, president of Brandon Internet Security in Alexandria, Va., said he was first alerted to the problem when a client reported scanning activity on its systems. According to Brandon, the scans began Sept. 21 and were targeted at TCP Port 22 - the default port for Secure Shell services. SSH programs are used to log into other computers over a network or to execute remote commands and move files among machines in a secure fashion.
Brandon said he traced the scans to a server with an IP address assigned to Novell. He added that the system appeared to be running a mail server for a gaming site called Neticus.com that was hosted on a separate server also belonging to Novell.
Brandon made logs documenting the scans available to Computerworld. He claimed that judging by the large number of IP blocks that were scanned, "millions" of computers may have been probed for SSH-related weaknesses.
Investigation Continues
Kevan Barney, a Novell spokesman, confirmed that one of the company's servers had been scanning other systems. But he said that as of last Friday, the company's IT staff was still investigating whether the server had actually been hacked into from the outside, as Brandon asserted.
Barney also said that the server doing the scans wasn't running a mail server for the gaming site. Instead, it was a test server that was installed outside of Novell's firewalls, he said, adding that the server has run different operating systems at various times.
In addition, Novell is challenging Brandon's claim that its server was used to scan millions of other computers. "We see no evidence that the scans were so widespread, so we aren't sure how he came up with that number," Barney said. He added that it's hard to know precisely how many systems were scanned.
During the course of its investigation, Novell did find a separate company-owned server that was hosting the Neticus.com game site. But that server was in no way connected to the scanning activity, Barney maintained. The game site, which was run by a single employee, has since been taken down, he added.
Neticus is the name of a now-defunct Internet service provider owned by Novell that provided its employees with access to the Internet, e-mail and newsgroups. Barney said Novell officials are looking into how andwhy a Neticus server came to be used to host a game site.