Security Incidents mailing list archives
Addendum: scanned - strange!
From: sir_scriptzalot () HOTMAIL COM (Sir Scriptzalot)
Date: Wed, 21 Jun 2000 15:07:38 EST
Just adding a point I forgot to mention. There was a zero length file found. The file was /etc/auth/system/default.db (fyi Digital UNIX V4.0D (Rev. 878))

Check this out. It all seems weird. Does anyone know what's happening here? Attack sig?

Host 10.3.2.15 (our host) became unstable and wouldn't function correctly, no logins, no active logins could be used to do anything etc. for inexplicable reasons at about the same time the patterns below ceased.

Regards,
Max

Max Steel
Omega-Xpress

time=epoch time
shost=source/remote host/ip - ISP
lhost=localhost - host on our network
sport=source *from* port
lport=port on local machine on our network

time       shost           lhost      sport  lport  bytes transferred
961464997  212.216.176.40  10.3.2.15  25     2503   48
961464997  212.216.176.75  10.3.2.15  25     2505   48
961465005  212.216.176.50  10.3.2.15  25     2479   48
961465005  212.216.176.51  10.3.2.15  25     2538   272
961465009  212.216.176.75  10.3.2.15  25     2528   48
961465018  212.216.176.40  10.3.2.15  25     2491   48
961465019  212.216.176.76  10.3.2.15  25     2492   48
961465021  212.216.176.41  10.3.2.15  25     2494   48
961465029  212.216.176.32  10.3.2.15  25     2549   416
961465029  212.216.176.51  10.3.2.15  25     2538   48
961465036  212.216.176.44  10.3.2.15  25     2499   48
961465040  212.216.176.77  10.3.2.15  25     2550   320
961465047  212.216.176.40  10.3.2.15  25     2503   48
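An added example, not part of the original post: a short Python parser for the record layout given above (time, shost, lhost, sport, lport, bytes) that summarises the posted rows for triage. The function names and the /24 grouping are assumptions made for illustration; the rows are copied from the post.

```python
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Rows copied from the post: time shost lhost sport lport bytes
ROWS = """\
961464997 212.216.176.40 10.3.2.15 25 2503 48
961464997 212.216.176.75 10.3.2.15 25 2505 48
961465005 212.216.176.50 10.3.2.15 25 2479 48
961465005 212.216.176.51 10.3.2.15 25 2538 272
961465009 212.216.176.75 10.3.2.15 25 2528 48
961465018 212.216.176.40 10.3.2.15 25 2491 48
961465019 212.216.176.76 10.3.2.15 25 2492 48
961465021 212.216.176.41 10.3.2.15 25 2494 48
961465029 212.216.176.32 10.3.2.15 25 2549 416
961465029 212.216.176.51 10.3.2.15 25 2538 48
961465036 212.216.176.44 10.3.2.15 25 2499 48
961465040 212.216.176.77 10.3.2.15 25 2550 320
961465047 212.216.176.40 10.3.2.15 25 2503 48
"""

def parse(text):
    """Yield one dict per six-field record; skip headers and malformed lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or not f[0].isdigit():
            continue
        yield {"time": int(f[0]), "shost": f[1], "lhost": f[2],
               "sport": int(f[3]), "lport": int(f[4]), "bytes": int(f[5])}

def summarise(text):
    """Condense the records into the facts worth checking first."""
    recs = list(parse(text))
    flows = defaultdict(list)  # (remote host, local port) -> byte counts seen
    for r in recs:
        flows[(r["shost"], r["lport"])].append(r["bytes"])
    times = [r["time"] for r in recs]
    # Grouping sources by /24 is an illustrative choice, not from the post.
    nets = {str(ipaddress.ip_network(r["shost"] + "/24", strict=False)) for r in recs}
    return {
        "records": len(recs),
        "first_utc": datetime.fromtimestamp(min(times), timezone.utc).isoformat(),
        "span_seconds": max(times) - min(times),
        "source_hosts": len({r["shost"] for r in recs}),
        "source_nets": sorted(nets),
        "source_ports": sorted({r["sport"] for r in recs}),
        "lport_range": (min(r["lport"] for r in recs), max(r["lport"] for r in recs)),
        "bytes": Counter(r["bytes"] for r in recs),
        "repeated_flows": {k: v for k, v in flows.items() if len(v) > 1},
    }
```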