On Thu, 05 Oct 2000, Larry Grover wrote:
> Thanks for the response. Your analysis confirms my suspicions.
>
> I do have PortSentry installed, and it has flagged other attempts in the past, but
>not this one.
>
> Since this attmept, I've been specifically blocking 203.21.16.18 on the firewall,
>and on the internal server.
>
> I'm also logging all connections and attempted connections, but I haven't seen
>anything suspicious since.
>
> I ran "rpm -Va" on the server, and everthing checked out OK.
>
> Anything else I should do to verify the integrity of my systems?
>
> Do you think the machine at 203.21.16.18 has been cracked and is being used to
>attempt attacks on others? Should I contact the admin of that machine?
>
Hmm...yeah... I'd notify 'em... but I'd also notify their host, which
is eventually going to be Telstra.net, but the IMMEDIATE upstream is
zivo.com.au, and THEIR upstream is Telstra.
John
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
