Re: Connection Attempts
From: Kevin.Reardon@oracle.com
Date: 01/15/02
Date: Tue, 15 Jan 2002 09:53:22 -0800
From: Kevin.Reardon@oracle.com
To: Jeremy Hoover <hoover@gti-bti.com>
I think you should treat this like the other attempts you are getting. You can
also try to call them up and ask them what is going on. I'm sure that if they
have a rogue in their midst, they would like to know and stop whoever it is.
---K
Jeremy Hoover wrote:
> Today I was going through my server logs. And I came across this.
>
> Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240. xxx.xxx
> Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:06 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
> Jan 14 11:47:09 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:22 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
> Jan 14 11:47:24 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:35 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
> Jan 14 11:47:37 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:47 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:47 penguin ftp(pam_unix)[7256]: authentication failure;
> logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=root
> Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
> $
> Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
>
> Normally this wouldn't be a problem, get tons of them every day except this
> attempt is coming from one of our Competing Corporations.
> On Dec. 26th, I found a syn flood coming from the same ip. What actions
> should I take? What kind of legal matters are involved in
> this. As I dig deeper, I keep finding connection attempts. There is NO
> reason for them to be trying to access our servers.
>
> Thanks for any help.
> Jeremy Hoover
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
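One way to turn log lines like those quoted in this thread into a per-host summary (failure count, accounts tried, first and last time seen) before deciding how to respond or whom to contact. This is an added example, not part of either message; the sample log is constructed with documentation addresses, and the function names, the threshold and the default year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the pam_unix format quoted above, one record per line.
# 192.0.2.10 and 198.51.100.7 are documentation addresses, not the poster's data.
SAMPLE_LOG = """\
Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10
Jan 14 11:46:53 penguin ftpd: 192.0.2.10: connected: IDLE
Jan 14 11:47:06 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10 user=alice
Jan 14 11:47:22 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10 user=alice
Jan 14 11:47:47 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10 user=root
Jan 14 12:03:10 penguin ftp(pam_unix)[7301]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=198.51.100.7 user=bob
"""

FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<svc>[\w-]+)\(pam_unix\)\[\d+\]: "
    r"authentication failure;.*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?"
)

def summarize_failures(log_text, year=2002):
    """Group pam_unix authentication failures by remote host."""
    hosts = defaultdict(lambda: {"count": 0, "users": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue  # e.g. the ftpd "connected: IDLE" lines
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        h = hosts[m["rhost"]]
        h["count"] += 1
        h["users"].add(m["user"] or "<none>")  # user= is absent on some records
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    return dict(hosts)

def repeat_offenders(summary, threshold=3):
    """Hosts at or above the failure threshold, busiest first."""
    hits = [(host, h) for host, h in summary.items() if h["count"] >= threshold]
    return sorted(hits, key=lambda kv: kv[1]["count"], reverse=True)

if __name__ == "__main__":
    for host, h in repeat_offenders(summarize_failures(SAMPLE_LOG)):
        print(f"{host}: {h['count']} failures, users={sorted(h['users'])}, "
              f"{h['first']:%b %d %H:%M:%S} to {h['last']:%H:%M:%S}")
```

The regular expression expects each syslog record on a single line; records wrapped by a mail client, as in the quoted message, need to be rejoined first.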