On Fri, Oct 25, 2002 at 03:44:38PM -0700, Daevid Vincent wrote:
> I run RH8.0 so this sure seems suspicious to me:
>
> [...}
>
> And so now is there a way I can make a file of IP/domains that are
> banned from contacting my server (all ports)?
You aren't vulnerable to those MS bugs, so I'd just
rom [EMAIL PROTECTED] =====
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:redhat-list-admin@;redhat.com]
>On Behalf Of Daevid Vincent
>Sent: Friday, October 25, 2002 8:15 PM
>To: [EMAIL PROTECTED]
>Subject: Is this a hack attempt?
>
>
>I run RH8.0
Code Red.
-Original Message-
From: [EMAIL PROTECTED] [mailto:redhat-list-admin@;redhat.com]
On Behalf Of Daevid Vincent
Sent: Friday, October 25, 2002 8:15 PM
To: [EMAIL PROTECTED]
Subject: Is this a hack attempt?
I run RH8.0 so this sure seems suspicious to me:
1-0 25065 0/508/508
I run RH8.0 so this sure seems suspicious to me:
1-0 25065 0/508/508 _ 6.42 128 0 0.0 130.31 130.31 12.237.249.145
daevid.com GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0
4-0 25068 0/519/519 _ 5.86 139 0 0.0 143.76 143.76 12.237.249.145
daevid.com GET /MSADC/root.exe?/c+dir H
Iam recieving a log to roots email stating
"portmap[395]: connect from 144.214.130.180 to dump(): requeest from
unauthorized host."
Is his an attack on the portmapper possibly?? What is the "dump():"
entry in this message mean?
Lemme know if ya need any additional info from my logs or somethi