Security Incidents mailing list archives
A slap on the wrist...?
From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Tue, 29 Aug 2000 17:28:27 +0200
Hello folks, some obviously dumb kiddie has entangled himself in my logfile during the weekend. Excerpts: 08-25-2000 19:54:41 [NB](#0): Open the CD ROM Requested 08-25-2000 19:54:48 [NB][#0] Client disconnected. 08-25-2000 19:55:19 [NB] Connection[#0] from `p3E99060F.dip.t-dialin.net' (62.153.6.15) accepted! 08-25-2000 19:55:26 [NB](#0): Unknown NetBus Command (Garbage?) 08-25-2000 19:55:35 [NB](#0): 696;404 Set Mouse Position 08-25-2000 19:55:36 [NB](#0): 624;376SetMousePos;520;332SetMousePos;470;320SetMousePos;448;329SetMousePos;440;337SetMousePos;431;357SetMousePos;431;365SetMousePos;431;373SetMousePos;431;377SetMousePos;431;379SetMousePos;433;382SetMousePos;459;392SetMousePos;503;408SetMousePos;555;424SetMousePos;593;436SetMousePos;619;440SetMousePos;639;444SetMousePos;659;448SetMousePos;673;451 Set Mouse Position 08-25-2000 19:55:37 [NB](#0): 675;452SetMousePos;675;452SetMousePos;675;450SetMousePos;674;430SetMousePos;674;410SetMousePos;674;407SetMousePos;676;404SetMousePos;678;401 Set Mouse Position 08-25-2000 19:55:38 [NB](#0): 678;401 Set Mouse Position 08-25-2000 19:55:49 [NB](#0): 233 Password Change Request 08-25-2000 19:55:53 [NB](#0): Unknown NetBus Command (Garbage?) 08-25-2000 19:55:57 [NB][#0] Client disconnected. Plus a couple of portscans etc. pp. Man, this particular person can't be overly clever. First, if the scanner he uses is half decent, it should recognize the host as a Unix machine, thus making it pretty improbable NetBus is running on it. Secondly, my fakebo installation shows a banner after connect which makes it clear that the attempts are being logged and everybody's supposed to bugger off. What to do...? Should I ignore him like I usually ignore portscans or should he get a slap on the wrist...? I already contacted the provider, it was a dial in account from T-Online, so I don't think I'll get a reply to soon, if at all. What really upsets me is the fact that after all he wanted to change the NetBus password to gain single access to the host. Grr. What a dumbo. So, what do you guys normally do? Especially the one sited in Germany who deal with T-Online...?? Any comments are welcomed, Cheers, Jan -- Radio HUNDERT,6 Medien GmbH Berlin - EDV - j.muenther () radio hundert6 de
Current thread:
- A slap on the wrist...? Jan Muenther (Aug 29)
- Re: A slap on the wrist...? Daniel Roesen (Aug 30)
- <Possible follow-ups>
- Re: A slap on the wrist...? H Carvey (Aug 30)
- Re: A slap on the wrist...? Nexus (Aug 30)
- Re: A slap on the wrist...? Greg A. Woods (Aug 31)
- Re: A slap on the wrist...? Rob McCauley (Aug 31)
- Re: A slap on the wrist...? Steve Stearns (Aug 31)
- Re: A slap on the wrist...? Jan Muenther (Aug 31)
- Re: A slap on the wrist...? Daniel Medina (Aug 31)
- Re: A slap on the wrist...? Nexus (Aug 30)