so set up
specific ports.
> -Original Message-
> From: J. Scott Kasten [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 29, 2000 3:39 PM
> To: Scott Kindley
> Cc: [EMAIL PROTECTED]
> Subject: Re: I'd say this is someone trying to find an expolit
>
>
> Yeah
Yeah, it's anoying, but he's probably done no harm yet. The best things
to do are to go through your /etc/rc.d/rcX.d where 'X' is your default run
level and make sure you've got any uncesary services removed from startup
there (the symlinks starting with 'S'). Go through your /etc/inetd.conf
an
Hello John,
Wednesday, August 30, 2000, 14:49:32 zulu, you wrote:
JA> I still use the linux box as my primary machine, mainly because I
JA> work for a "linux-friendly" local ISP and my machine at work is
JA> linux. However, there are, as you pointed out, a few things that
JA> still work better u
I especially use MicroSloth for games... ;)
> -Original Message-
> From: John Aldrich [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, August 30, 2000 10:50 AM
> To: [EMAIL PROTECTED]
> Subject: RE: I'd say this is someone trying to find an expolit
>
>
On Wed, 30 Aug 2000, Burke, Thomas G. wrote:
> Yes, you and everyone else who is hacking on me for having a winblows box in
> my house is correct. Anything Sam Spade can do I can do at the command line
> on my LINUX server.
>
Thomas:
I don't think anyone is blaming you for running a windows box.
On Wed, 30 Aug 2000, Scott Kindley wrote:
> Hu..then I'll leave that option for people who choose to
> use a Microsoft OS for their server needs. As for me, well I only use
> Linux for my server. Although I do use an NT workstation client at home
> and at IUPUI for school matters I pre
On Wed, 30 Aug 2000, Scott Kindley wrote:
> >Subject: Re: I'd say this is someone trying to find an expolit
> (snip)
> >whois @whois.arin.net
> > John
>
> Great tip. Thanks John
>
>
Heh. :-) I use that all the time... or used to before I discovered
ake life easier? This one
certainly does that, regardless of the platform it's on...
Sorry, I guess I'm in a pissy mood today...
> -Original Message-
> From: Scott Kindley [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, August 30, 2000 12:34 AM
> To: [EMAIL PROTECTED]
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Burke, Thomas G.
>Sent: Tuesday, August 29, 2000 3:18 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: I'd say this is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of John Aldrich
>Sent: Tuesday, August 29, 2000 2:46 PM
>To: [EMAIL PROTECTED]
>Subject: Re: I'd say this is someone trying to find a
on the topic of tracking down what's going on I find the tools at:
http://combat.uxn.com/
to be very useful in finding out who owns a certain IP and who
they're connected through... and like the best stuff in life they're
free! :)
there's also useful information on how to follow up attempted
On Tue, 29 Aug 2000, Burke, Thomas G. wrote:
> Actually, I've found a _VERY_ nice tool for MS boxes called "Sam Spade"
>
> Does all sortsa neat stuff... If you have a Windoze box on your network,
> I'd look in to getting this, especially since it's free.
>
I can do just about anything SamSpade
AIL PROTECTED]]
> Sent: Tuesday, August 29, 2000 3:46 PM
> To: [EMAIL PROTECTED]
> Subject: Re: I'd say this is someone trying to find an expolit
>
> On Tue, 29 Aug 2000, Vidiot wrote:
> > >Not one of my IP's. Don't know anybody using any IP on that net
On Tue, 29 Aug 2000, Vidiot wrote:
> >Not one of my IP's. Don't know anybody using any IP on that network.
> >Any suggestions o how to handle this? It's my first attempt at being
> >hacked. I have him blocked with wrappers after a telnet attempt a few
> >days ago that I thought looked funny. So fo
It looks like your attacker is a QWEST customer they should be able to help
you out.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott Kindley
Sent: Tuesday, August 29, 2000 2:20 PM
To: [EMAIL PROTECTED]
Subject: I'd say this is someone tryi
: Tuesday, August 29, 2000 2:20 PM
To: [EMAIL PROTECTED]
Subject: I'd say this is someone trying to find an expolit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from
63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect
MAIL PROTECTED]
> Subject: I'd say this is someone trying to find an expolit
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from
> 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connec
Scott Kindley wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from
> 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect from
> 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from
> 63.
>Not one of my IP's. Don't know anybody using any IP on that network.
>Any suggestions o how to handle this? It's my first attempt at being
>hacked. I have him blocked with wrappers after a telnet attempt a few
>days ago that I thought looked funny. So for now I think I'm ok. I have
>checked me lo
On Tue, 29 Aug 2000, Scott Kindley wrote:
>
> Not one of my IP's. Don't know anybody using any IP on that network.
> Any suggestions o how to handle this? It's my first attempt at being
> hacked. I have him blocked with wrappers after a telnet attempt a few
> days ago that I thought looked funny.
For best security, you shouldn't use tcp_wrappers to deny just suspicious
ones - because at that point it may be too late once you notice it. You
should deny all by default and allow only the ones you know to be
legitimate connections.
Secondly, do you use imap? Is this machine a mail server th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from
63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect from
63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from
63.145.81.31
Aug 29 04:21:12 ns1 in.telnetd[1
22 matches
Mail list logo
