Security Incidents mailing list archives
Connection Attempts
From: "Jeremy Hoover" <hoover () gti-bti com>
Date: Mon, 14 Jan 2002 16:49:21 -0600
Today I was going through my server logs. And I came across this. Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240. xxx.xxx Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:06 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx Jan 14 11:47:09 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:22 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx Jan 14 11:47:24 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:35 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx Jan 14 11:47:37 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:47 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:47 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=root Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $ Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE Normally this wouldn't be a problem, get tons of them everyday except this attempt is coming from one of our Competing Corporations. On Dec. 26th, I found a syn flood coming from the same ip. What actions should I take? What kind of legal matters are involved in this. As I dig deeper, I keep finding connection attempts. There is NO reason for them to be trying to access our servers. Thanks for any help. Jeremy Hoover ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Connection Attempts Jeremy Hoover (Jan 14)
- Re: Connection Attempts Anders Thulin (Jan 15)
- Re: Connection Attempts Andrew Simmons (Jan 15)
- Re: Connection Attempts Kevin . Reardon (Jan 15)