Security Incidents mailing list archives
Re: funky syslog entry
From: n5ltc () WESTCOMM NET (Chris West)
Date: Thu, 29 Jun 2000 09:47:46 -0500
I have also seen alot of this activity lately. It comes from all over and they try to hit all of my servers. Chris Sean Michael Whipkey wrote:
klug wrote:While searching through syslog entries I found this little tid bit. Others and I, believe its some sort of scan. Any ideas are welcome. Portmap has sense been removed from this server. klug Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized hostYou're not the only one. I got it on two machines here at work: Jun 23 23:45:20 riff portmap[53850]: connect from 193.40.245.45 to dump(): request from unauthorized host Jun 23 23:51:06 torg portmap[54972]: connect from 193.40.245.45 to dump(): request from unauthorized host These machines are on different subnets, too... The IP address is for an Estonian university. They never responded to my e-mails to them about this. SeanMike -- SeanMike Whipkey - Geek-a-mondo "Extra ninjas make any party, family gathering, or war scene tons more interesting." http://www.ninjahypothesis.com/messenger.htm ObCompanyPlug: http://www.mrgoodbucks.com/
-- Chris West - N5LTC Sys Admin/Comm Tech WCSOnline/Western Communications 915-949-3000
Current thread:
- Re: funky syslog entry, (continued)
- Re: funky syslog entry Valdis Kletnieks (Jun 27)
- Re: funky syslog entry Jens Hektor (Jun 27)
- Re: funky syslog entry Erich Meier (Jun 28)
- Re: funky syslog entry Sean Michael Whipkey (Jun 28)
- blind forwards Keith McCammon (Jun 28)
- Re: blind forwards Ex Machina (Jun 29)
- Re: blind forwards Brock Norvell (Jun 29)
- Re: blind forwards John Hall (Jun 29)
- Re: blind forwards David Pick (Jun 30)
- Re: funky syslog entry UnixGeek (Jun 29)
- Re: funky syslog entry Chris West (Jun 29)
- wuftp exploit Toby Miller (Jun 28)
- Re: wuftp exploit Daniel Jacobowitz (Jun 28)
- Permissions Derick Schuetz (Jun 27)
- Re: Permissions Valdis Kletnieks (Jun 27)
- Re: Permissions Jon Lewis (Jun 27)
- Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)
- Re: Probes for MySQL under Linux? Tabor J. Wells (Jun 27)
- Port scan (106 and 389) Chris Laycock (Jun 28)
- Compromise and Bind Replacement Scott Brown (Jun 28)
- Re: Port scan (106 and 389) Fabio Pietrosanti (Jun 28)