Just returned from dinner to find a hell of a lot of activity directed
at my box. I'm including the log excerpts here. Don't know if this guy
just picked me, or if he's on the rampage. Keep an eye out for
him/her/it.
Nolan
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Cracking attempts
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=NIL
The following are logs of an extensive cracking attempt that
originated from a host which appears to reside on the tmns.net.au
domain and was directed at host
resnet-21-203.dorm.utexas.edu. Please attempt to resolve this problem.
Nolan
Jan 14 18:23:29 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 to TCP port: 79
Jan 14 18:23:29 localhost abacus_sentry[123]: attackalert: Host 139.134.159.190 has
been blocked via wrappers.
Jan 14 18:23:29 localhost abacus_sentry[123]: attackalert: Host 139.134.159.190 has
been blocked via dropped route.
Jan 14 18:23:30 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:30 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 to TCP port: 23
Jan 14 18:23:30 localhost abacus_sentry[123]: attackalert: Host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 is already blocked Ignoring
Jan 14 18:23:30 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:30 localhost last message repeated 2 times
Jan 14 18:23:30 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 to TCP port: 143
Jan 14 18:23:30 localhost abacus_sentry[123]: attackalert: Host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 is already blocked Ignoring
Jan 14 18:23:30 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:31 localhost last message repeated 2 times
Jan 14 18:23:31 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 to TCP port: 53
Jan 14 18:23:31 localhost abacus_sentry[123]: attackalert: Host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 is already blocked Ignoring
Jan 14 18:23:31 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:31 localhost last message repeated 2 times
Jan 14 18:23:31 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 to TCP port: 110
Jan 14 18:23:31 localhost abacus_sentry[123]: attackalert: Host:
WBBH-U-001-pool-190.tmns.net.au/139.134.159.190 is already blocked Ignoring
Jan 14 18:23:31 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:34 localhost last message repeated 4 times
Jan 14 18:23:34 localhost tcplogd: port 6000 connection attempt from
[EMAIL PROTECTED] [139.134.159.190]
Jan 14 18:23:34 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:34 localhost tcplogd: imap2 connection attempt from
��^D@^[EMAIL PROTECTED] [139.134.159.190]
Jan 14 18:23:34 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:34 localhost tcplogd: pop-3 connection attempt from
��^D@^[EMAIL PROTECTED] [139.134.159.190]
Jan 14 18:23:36 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:36 localhost tcplogd: telnet connection attempt from
��^D@^[EMAIL PROTECTED] [139.134.159.190]
Jan 14 18:23:37 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:37 localhost tcplogd: finger connection attempt from
��^D@^[EMAIL PROTECTED] [139.134.159.190]
Jan 14 18:23:39 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:39 localhost tcplogd: domain connection attempt from
��^D@^[EMAIL PROTECTED] [139.134.159.190]
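
An added example, not part of the original message: one way to condense an excerpt like the one above into a per-source summary (ports probed, blocking actions, first and last timestamp) suitable for an abuse report. The sample log, the host scanner.example, the address 192.0.2.10 and the function names are constructed for illustration; the line formats are assumed to match the abacus_sentry and tcplogd lines shown in the excerpt.

```python
import re
# Constructed sample in the shape of the excerpt above, wrapped the way the mail
# client wrapped it; scanner.example and 192.0.2.10 are documentation placeholders.
SAMPLE = """\
Jan 14 18:23:29 localhost abacus_sentry[123]: attackalert: SYN/Normal scan from host:
scanner.example/192.0.2.10 to TCP port: 79
Jan 14 18:23:29 localhost abacus_sentry[123]: attackalert: Host 192.0.2.10 has
been blocked via wrappers.
Jan 14 18:23:30 localhost icmplogd: destination unreachable from localhost [127.0.0.1]
Jan 14 18:23:34 localhost tcplogd: imap2 connection attempt from
unknown@scanner.example [192.0.2.10]
Jan 14 18:23:34 localhost tcplogd: port 6000 connection attempt from
unknown@scanner.example [192.0.2.10]
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SCAN = re.compile(r"scan from host: \S+?/(\d+\.\d+\.\d+\.\d+) to (?:TCP|UDP) port: (\d+)")
CONN = re.compile(r"tcplogd: (?:port (\d+)|(\S+)) connection attempt from .*\[(\d+\.\d+\.\d+\.\d+)\]")
BLOCK = re.compile(r"Host (\d+\.\d+\.\d+\.\d+) has been blocked via (.+?)\.?$")
SERVICES = {"finger": 79, "telnet": 23, "imap2": 143, "domain": 53, "pop-3": 110}  # names in the excerpt

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per source IP: ports probed, blocking actions taken, first/last timestamp seen."""
    hosts = {}
    for rec in unwrap(text):
        port = via = None
        if m := SCAN.search(rec):
            ip, port = m.group(1), int(m.group(2))
        elif m := CONN.search(rec):
            ip = m.group(3)  # unknown service names are kept as strings
            port = int(m.group(1)) if m.group(1) else SERVICES.get(m.group(2), m.group(2))
        elif m := BLOCK.search(rec):
            ip, via = m.group(1), m.group(2)
        else:
            continue  # icmplogd noise, "last message repeated", "already blocked"
        h = hosts.setdefault(ip, {"ports": set(), "blocked_via": set(), "first": rec[:15]})
        h["last"] = rec[:15]
        h["ports"] |= {port} - {None}        # add the port only when one was parsed
        h["blocked_via"] |= {via} - {None}   # add the block method only when present
    return hosts
```

Calling summarize() on the text of a saved log excerpt returns one entry per source address; the tcplogd service names are mapped to port numbers so that both daemons' reports of the same probe collapse into one port.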