Sort of off topic, but thought people here would be interested. MCI contacted me today because one of my systems is doing ssh logins (failed) to a box they have no right ssh-ing into. After some packet analysis, it's clear that something is inside my network. The only solid evidence I have is a machine behind one of my gateways (BigIP) was trying to download a file called brute3.tar.gz via HTTP from 64.40.108.77. The download was unsuccessful.
Whatever this thing is, it's tricky. It only runs a few times a day, so it is tough to find the culprit source with ethereal unless I run ethereal all day in packet capture mode. Any thoughts? Has anyone heard of anything like this?

-john