Re: Connection Attempts

From: Andrew Simmons (andrew@zpok.demon.co.uk)
Date: 01/15/02


Date: Tue, 15 Jan 2002 17:56:32 +0000
From: Andrew Simmons <andrew@zpok.demon.co.uk>
To: Jeremy Hoover <hoover@gti-bti.com>, Incidents <incidents@securityfocus.com>

Jeremy Hoover wrote:
> Today I was going through my server logs. And I came across this.
>
> Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx
> Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
[snip]

> Normally this wouldn't be a problem, get tons of them every day except this
> attempt is coming from one of our Competing Corporations.
> On Dec. 26th, I found a syn flood coming from the same ip. What actions
> should I take? What kind of legal matters are involved in
> this. As I dig deeper, I keep finding connection attempts. There is NO
> reason for them to be trying to access our servers.

Call your lawyers. And remember not to take legal advice from random
people over the Internet :)

\a

-- 
===( Andrew Simmons     PGP key: http://pgpkeys.mit.edu

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com


