Security Incidents mailing list archives
Re: [Re: interesting attempt at intrusion] case solved!
From: jlewis () LEWIS ORG (Jon Lewis)
Date: Fri, 31 Dec 1999 00:16:57 -0500
On Thu, 30 Dec 1999, Anonymous wrote:
Before I sit down and start spooning up this large plate of crow, let me confess that for the past week and a half a youth in a different state has been trying repeatedly to overflow my telnetd. The best I have seen so far was this entry: Dec 21 22:18:37 noc telnetd[4269]: ttloop: peer died: Invalid or incomplete multibyte or wide character
If you don't know the IP these are coming from yet, you can use ipfwadm/ipchains to log syns coming from "external" addresses to whatever ports you're concerned with. That way, no matter how quickly they terminate the connection, you will see where they came from. I did this long ago to track down and filter some people attacking (crashing) inetd on an IRC server. ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| Spammers will be winnuked or System Administrator | nestea'd...whatever it takes Atlantic Net | to get the job done. _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Current thread:
- Re: [Re: interesting attempt at intrusion] case solved! Jon Lewis (Dec 30)