I am not sure if it will help but here is some info on your attacker. It is
an HTTP server (running Apache/1.3.12 (Unix)(Red Hat/Linux) PHP/3.0.15
mod_perl/1.21) out of Orem, UT 84058.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott Kindley
Sent: Tuesday, August 29, 2000 2:20 PM
To: [EMAIL PROTECTED]
Subject: I'd say this is someone trying to find an exploit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11978]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11979]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11980]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11981]: refused connect from 63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11982]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 in.telnetd[11983]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11984]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11988]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11987]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11985]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11986]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 imapd[11989]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 in.telnetd[11990]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 in.telnetd[11991]: refused connect from 63.145.81.31
Aug 29 04:21:13 ns1 in.telnetd[11992]: refused connect from 63.145.81.31
Aug 29 04:21:15 ns1 in.telnetd[11993]: refused connect from 63.145.81.31
Aug 29 04:21:15 ns1 imapd[11994]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 imapd[11995]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 imapd[11996]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 imapd[11997]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[11998]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[11999]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[12000]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[12001]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[12002]: refused connect from 63.145.81.31
Aug 29 04:21:16 ns1 in.telnetd[12003]: refused connect from 63.145.81.31
Aug 29 04:21:19 ns1 in.telnetd[12004]: refused connect from 63.145.81.31


Not one of my IPs. Don't know anybody using any IP on that network.
Any suggestions on how to handle this? It's my first attempt at being
hacked. I have him blocked with wrappers after a telnet attempt a few
days ago that I thought looked funny. So for now I think I'm ok. I have
checked my logs and verified nothing has changed on the system. So
entry wasn't made. Still the attempt is bugging me.

- -----
Scott Kindley

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBOav+xdWX5RP8v4x6EQJz1ACg6Nfqhv9GFc+XjLBXgFc4+nh4UqUAnidp
SCLYRw1deJdSu6VUI4Y4TxEQ
=kYu/
-----END PGP SIGNATURE-----



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
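
An added example, not part of either message above: one way to summarise tcp_wrappers refusals like those in the quoted log, flagging any source that is refused many times across more than one service within a short window. The function names, thresholds and sample lines are assumptions made for illustration; the sample is constructed and uses documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# tcp_wrappers refusal via syslog: "<Mon DD HH:MM:SS> <host> <daemon>[pid]: refused connect from <src>"
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
                     r"(?P<daemon>[\w.\-]+)\[\d+\]: refused connect from (?P<src>\S+)$")

# Constructed sample (documentation addresses), wrapped the way a mail client wraps long lines.
SAMPLE = """\
Aug 29 04:21:12 ns1 in.telnetd[2001]: refused connect from
192.0.2.10
Aug 29 04:21:13 ns1 imapd[2002]: refused connect from 192.0.2.10
Aug 29 04:21:13 ns1 imapd[2003]: refused connect from 192.0.2.10
Aug 29 04:21:15 ns1 in.telnetd[2004]: refused connect from
192.0.2.10
Aug 29 04:21:16 ns1 imapd[2005]: refused connect from 192.0.2.10
Aug 29 09:02:40 ns1 in.ftpd[2006]: refused connect from 198.51.100.7
"""

def parse(text, year=2000):
    """Rejoin mail-wrapped records, then return (timestamp, daemon, source) tuples.
    Syslog omits the year, so the caller supplies it (assumed default: 2000)."""
    text = re.sub(r"refused connect from\s*\n\s*", "refused connect from ", text)
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["daemon"], m["src"]))
    return events

def find_probes(events, window=timedelta(seconds=10), min_hits=5, min_services=2):
    """Flag sources refused min_hits+ times across min_services+ daemons inside one window."""
    by_src = defaultdict(list)
    for ts, daemon, src in sorted(events):
        by_src[src].append((ts, daemon))
    findings = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            span = hits[start:end + 1]
            services = sorted({d for _, d in span})
            if len(span) >= min_hits and len(services) >= min_services:
                if src not in findings or len(span) > findings[src]["hits"]:
                    findings[src] = {"hits": len(span), "services": services,
                                     "first": span[0][0], "last": span[-1][0]}
    return findings
```
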


