Security Incidents mailing list archives

Re: Not pulling the plug


From: thomas () 88 NET (thomas lakofski)
Date: Fri, 18 Feb 2000 01:31:29 +0000


I saw this too

Feb 16 17:32:04 oi ippl: port 5 connection attempt from ns.rbscc.com [12.3.24.2]

portsentry blocked the host very quickly...  works for me.

as to port 5... ???

-tl

On Wed, 16 Feb 2000, Stephen Friedl wrote:

From: Stephen Friedl <friedl () MTNDEW COM>
To: INCIDENTS () SECURITYFOCUS COM
Date: Wed, 16 Feb 2000 07:19:12 -0800
Subject: Not pulling the plug

Hello all,

For *two days*, an ADMROCKS-compromised machine in New Jersey has been doing
a scan for TCP port 5 (what's this?), and the owner of the box refused to
pull the plug while he fools with it. What's the best way to handle this?

......
         who's watching your watchmen?
EF D8 33 68 B3 E3 E9 D2  C1 3E 51 22 8A AA 7B 98

