Security Incidents mailing list archives
Mail and web server attack
From: tomas.sjostrom () PICENG SE (Tomas )
Date: Thu, 9 Mar 2000 16:06:31 -0000
I recently detected several sloppy intrusion attempts on my web and mail server. The attempts originated from ip - 209.161.238.144, 207.226.241.155, and 208.184.216.202. Logins were attempted via telnet, pop3 and imap (command stream owerflow for the last two). Additionally, the PHF.CGI exploit was attempted followed by the scripts TEST.CGI and HANDLER.CGI. The above mentioned networks have been informed of the contacts, but if anyone has seen anything similar from those networks let me know. Tomas Sjöström
Current thread:
- Mail and web server attack Tomas (Mar 09)
- TCP port 3218 Boris Badenov (Mar 13)
- Re: TCP port 3218 Graeme Fowler (Mar 16)
- Re: Mail and web server attack Duane Dunston (Mar 14)
- TCP port 3218 Boris Badenov (Mar 13)