I also agree with Tom. The bad news is that you were attacked. The good
news is that it looks like it was just a "Script Kiddy" that did the attack.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Larry Grover
> Sent: Tuesday, October 03, 2000 10:58
On Thu, 05 Oct 2000, Larry Grover wrote:
> Thanks for the response. Your analysis confirms my suspicions.
>
> I do have PortSentry installed, and it has flagged other attempts in the past, but
> not this one.
>
> Since this attempt, I've been specifically blocking 203.21.16.18 on the firewall,
> -Original Message-
> From: Larry Grover [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, October 05, 2000 1:50 PM
> To: [EMAIL PROTECTED]
> Subject: RE: log entries: innocent or crack attempt?
>
> Thanks for the response. Your analysis confirms my suspi
Thanks for the response. Your analysis confirms my suspicions.
I do have PortSentry installed, and it has flagged other attempts in the past, but not
this one.
Since this attempt, I've been specifically blocking 203.21.16.18 on the firewall, and
on the internal server.
I'm also logging all
Looks to me like something similar to the following happened:
1) (L)user on 203.21.16.18 connected (http) to your web server at 15:00 (so
far not too worrisome)
2) L(user) on 203.21.16.18 tries to ssh into your machine - WARNING! He has
no business doing this, you are being probed!
3) Authenti