Jeff Smelser wrote:
>
> Today, as for the last few days, I have been trying to track this down.
> Please help.
>
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Connect from
> host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Host:
> 12.30.163.51 is already blocked. Ignoring
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Connect from
> host: 12.30.163.51/12.30.163.51 to UDP port: 137
> Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Host:
> 12.30.163.51 is already blocked. Ignoring
>
> He has been talking to nothing since he has been forwarded to localhost
> for weeks, but this week he seems persistant.. I did a nslookup and its
> either not a valid ip, or he has his own and is not publishing it. I just
> need to some help tracking it down so he can be taken off the net.
>
> I have logs of him trying to crack inetd, and various other ports. Since
> inetd was the on;y open slot, thats the only one he tried for 10 mins.
> Trying to buffer overflow it i think.
>
> Thanks
> Jeff
>
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
This ip is in att.net address block. I suggest you send a detailed
complaint to [EMAIL PROTECTED] Include the log entries for these attacks
for all incident's that you have, and use the word PRIORITY in the
subject line. Indicate what time zone you're in so the time stamps can
be used to determine the user incase this is a dial-up account.
Good luck.
Fred
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
