Security Incidents mailing list archives
Re: Connection Attempts
From: Andrew Simmons <andrew () zpok demon co uk>
Date: Tue, 15 Jan 2002 17:56:32 +0000
Jeremy Hoover wrote:
Today I was going through my server logs. And I came across this.

Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx
Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
[snip]
Normally this wouldn't be a problem, get tons of them every day except this attempt is coming from one of our Competing Corporations. On Dec. 26th, I found a syn flood coming from the same ip. What actions should I take? What kind of legal matters are involved in this? As I dig deeper, I keep finding connection attempts. There is NO reason for them to be trying to access our servers.
Call your lawyers. And remember not to take legal advice from random people over the Internet :)
\a

--
===( Andrew Simmons PGP key: http://pgpkeys.mit.edu

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking
system please see: http://aris.securityfocus.com