Responsible for the creation of "scoup", the collector used by NAIDI, Georgia Tech and Stanford students pored over the data from the attack, noting that entries flagged as bogons (bogus IP length: 0, or less than the 20-byte minimum header length) appeared unusually often during the attack. In addition, forged "adobe" and "sony" site certificates also appeared, according to the recording server just behind Pandora, separated from it by an IPS firewall. More than 1.211 gigabytes were extracted from the server.
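The bogon condition the students counted (an IPv4 total-length field of 0, or smaller than the header) can be checked directly on raw packet bytes. The following is an added example, not the scoup collector's code: it parses the IPv4 total-length and IHL fields, counts bogus versus well-formed packets over a constructed sample, and raises an alert when the bogon share exceeds an assumed baseline threshold.

```python
import struct
from collections import Counter

MIN_IPV4_HEADER = 20  # bytes; the minimum header length the page's bogon check refers to


def ipv4_total_length_is_bogus(packet: bytes) -> bool:
    """True when the IPv4 total-length field is 0 or smaller than the header it claims.

    Constructed check (not the page's collector): total length must cover at least the
    header (IHL * 4 bytes, never below 20) or the packet is counted as a bogon.
    """
    if len(packet) < MIN_IPV4_HEADER:
        return True  # truncated: cannot even hold a minimal header
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:
        return True  # not IPv4 at all
    header_len = (version_ihl & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    return total_len == 0 or total_len < MIN_IPV4_HEADER or total_len < header_len


def count_bogons(packets) -> Counter:
    """Tally packets into 'bogus' and 'ok' buckets, as a recording server would."""
    counts = Counter()
    for pkt in packets:
        counts["bogus" if ipv4_total_length_is_bogus(pkt) else "ok"] += 1
    return counts


def bogon_ratio_alert(counts: Counter, threshold: float = 0.05) -> bool:
    """Assumed detection rule: alert when the bogon share exceeds the threshold."""
    total = counts["bogus"] + counts["ok"]
    return total > 0 and counts["bogus"] / total > threshold


def make_ipv4_header(total_len: int, ihl: int = 5) -> bytes:
    """Constructed sample: minimal IPv4 header (TTL 64, proto TCP) with the given lengths."""
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total_len, 0, 0, 64, 6, 0,
                        b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return fixed + b"\x00" * ((ihl - 5) * 4)  # zero-filled options for IHL > 5


# Constructed capture: two sane packets, three bogons of the kinds the text mentions.
SAMPLE_PACKETS = [
    make_ipv4_header(40),          # ok: 20-byte header, 20 bytes of payload
    make_ipv4_header(0),           # bogus: total length 0
    make_ipv4_header(12),          # bogus: shorter than the 20-byte minimum header
    make_ipv4_header(28, ihl=6),   # ok: 24-byte header with options, length covers it
    make_ipv4_header(20, ihl=6),   # bogus: length smaller than the 24-byte header
]
```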
Scoup is an experimental server that crawls the internet automatically, sampling websites for viruses, spyware and malware, and places the extracted samples in a virtual containment for an antivirus company. The package is then written out as an ISO image and burned to DVDs for mailing out. What was extracted was believed to be the material collected over the last month.
The server contained the latest W32 worms and new variants of the W32 "swine flu" virus.
