Security Incidents mailing list archives

Re: funky syslog entry


From: n5ltc () WESTCOMM NET (Chris West)
Date: Thu, 29 Jun 2000 09:47:46 -0500


I have also seen a lot of this activity lately.  It comes from all over
and they try to hit all of my servers.

Chris

Sean Michael Whipkey wrote:

klug wrote:

While searching through syslog entries I found this little tidbit.
Others and I believe it's some sort of scan. Any ideas are welcome.
Portmap has since been removed from this server.

klug

Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized host

You're not the only one.  I got it on two machines here at work:
Jun 23 23:45:20 riff portmap[53850]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:51:06 torg portmap[54972]: connect from 193.40.245.45 to dump(): request from unauthorized host

These machines are on different subnets, too...

The IP address is for an Estonian university.  They never responded to
my e-mails to them about this.

SeanMike

--
SeanMike Whipkey - Geek-a-mondo
"Extra ninjas make any party, family gathering, or war scene tons
more interesting." http://www.ninjahypothesis.com/messenger.htm
ObCompanyPlug: http://www.mrgoodbucks.com/

--
Chris West - N5LTC
Sys Admin/Comm Tech
WCSOnline/Western Communications
915-949-3000
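
The syslog entries quoted in this thread show one source being refused by portmap on several hosts. As an added example that is not part of the original posts, this Python script parses that refusal format and lists each source seen on more than one host; the function names, the `min_hosts` threshold and the extra sshd line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines as quoted in the thread, with the e-mail line wrapping undone.
# The "*" host is the poster's own redaction; the sshd line is constructed.
SAMPLE_LOG = """\
Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:45:20 riff portmap[53850]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:51:06 torg portmap[54972]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:52:00 torg sshd[101]: constructed unrelated line, ignored by the parser
"""

# Refusal message format as it appears in the quoted syslog entries.
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) portmap\[\d+\]: "
    r"connect from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) to (?P<proc>\w+)\(\): "
    r"request from unauthorized host$"
)


def parse_refusals(text):
    """Return one dict (ts, host, src, proc) per refused portmap request."""
    events = []
    for line in text.splitlines():
        m = REFUSED.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def sources_hitting_many_hosts(events, min_hosts=2):
    """Map each source IP to the sorted hosts that refused it, keeping only
    sources seen on at least min_hosts distinct hosts."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["host"])
    return {src: sorted(hosts) for src, hosts in seen.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    events = parse_refusals(SAMPLE_LOG)
    for src, hosts in sources_hitting_many_hosts(events).items():
        print(f"{src} refused on {len(hosts)} hosts: {', '.join(hosts)}")
```
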


