Security Incidents mailing list archives
Re: Connection Attempts
From: Kevin.Reardon () oracle com
Date: Tue, 15 Jan 2002 09:53:22 -0800
I think you should treat this like the other attempts you are getting. You can also try to call them up and ask them what is going on. I'm sure that if they have a rogue in their midst, they would like to know and stop whoever it is.

---K

Jeremy Hoover wrote:
Today I was going through my server logs. And I came across this.

Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx
Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:06 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
Jan 14 11:47:09 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:22 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
Jan 14 11:47:24 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:35 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=xxxxxx
Jan 14 11:47:37 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:47 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:47 penguin ftp(pam_unix)[7256]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=63.240.xxx.xxx user=root
Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE $
Jan 14 11:47:49 penguin ftpd: 63.240.xxx.xxx: connected: IDLE

Normally this wouldn't be a problem, I get tons of them every day, except this attempt is coming from one of our Competing Corporations. On Dec. 26th, I found a syn flood coming from the same ip.

What actions should I take? What kind of legal matters are involved in this? As I dig deeper, I keep finding connection attempts. There is NO reason for them to be trying to access our servers.

Thanks for any help.

Jeremy Hoover

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- Connection Attempts Jeremy Hoover (Jan 14)
- Re: Connection Attempts Anders Thulin (Jan 15)
- Re: Connection Attempts Andrew Simmons (Jan 15)
- Re: Connection Attempts Kevin . Reardon (Jan 15)