Novell downplays server hack

An internal Novell investigation of an apparent hack involving one of its computers revealed that the incident was less serious than was described by the security consultant who reported it to the company, a spokesman said Friday.

The company also asserted that several of the claims made by the researcher were inaccurate.

Chris Brandon, president of Brandon Internet Security, on Wednesday had said that a server apparently set up for gaming purposes by some workers at Novell had been hacked and was being used to scan for vulnerable ports on millions of computers worldwide.

According to Brandon, who said he told Novell about the problem on Tuesday, the scans began on Sep. 21 and were targeted at TCP Port 22 -- the default port for Secure Shell (SSH) services. SSH programs are used to log into other computers over a network or to execute remote commands and securely move files between machines.

Brandon said he traced the scans to a server with an IP address assigned to Novell. He also said that the hacked system appeared to be running a mail server for a gaming site called that was hosted on a different Novell server.

Kevan Barney, a Novell spokesman, Friday confirmed that one of the company's severs had been scanning other systems. But the system wasn't running a mail server, as Brandon had claimed, nor was it connected to a game server in any fashion, he said. Barney described the hardware as a test server that was outside the company's firewalls and said at various times it has hosted several different operating systems.

Barney also challenged Brandon's claim that millions of computers had been scanned. "We see no evidence that the scans were so widespread, so we are not sure how he came up with that number," he said. Barney added that it's difficult to know exactly how many systems were scanned.

Brandon this afternoon insisted that forensics he has indicate that very large numbers of computers were being scanned and that the system that was doing that scanning was indeed running a mail server.

During the course of its investigation, the company did find a separate Novell-owned server that was hosting the game information site. But that server was in no way connected to the scanning activity, Barney said, and that site, which was run by a single employee, has since been taken down.

Neticus is the name of a now-defunct Internet service provider owned by Novell that provided e-mail, Internet access and hosted newsgroups for Novell employees. The company is investigating how and why a Neticus server was used to host a game information site, Barney said.

Show Comments