Security Incidents mailing list archives

Re: Connection Attempts


From: Andrew Simmons <andrew () zpok demon co uk>
Date: Tue, 15 Jan 2002 17:56:32 +0000

Jeremy Hoover wrote:
Today I was going through my server logs.  And I came across this.

Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=63.240. xxx.xxx
Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
[snip]

Normally this wouldn't be a problem, get tons of them every day except this
attempt is coming from one of our Competing Corporations. On Dec. 26th, I
found a syn flood coming from the same ip. What actions should I take? What
kind of legal matters are involved in this? As I dig deeper, I keep finding
connection attempts. There is NO reason for them to be trying to access our
servers.


Call your lawyers. And remember not to take legal advice from random people over the Internet :)

\a
--
===( Andrew Simmons     PGP key: http://pgpkeys.mit.edu


