disallow telnet & make valid users use ssh...
send an e-mail to [EMAIL PROTECTED], include a copy of these logs &
tell them what's going on...
> -----Original Message-----
> From: Scott Kindley [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 29, 2000 2:20 PM
> To: [EMAIL PROTECTED]
> Subject: I'd say this is someone trying to find an exploit
>
> Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11978]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11979]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11980]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11981]: refused connect from 63.145.81.31
> Aug 29 04:21:12 ns1 in.telnetd[11982]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 in.telnetd[11983]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11984]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11988]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11987]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11985]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11986]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 imapd[11989]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 in.telnetd[11990]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 in.telnetd[11991]: refused connect from 63.145.81.31
> Aug 29 04:21:13 ns1 in.telnetd[11992]: refused connect from 63.145.81.31
> Aug 29 04:21:15 ns1 in.telnetd[11993]: refused connect from 63.145.81.31
> Aug 29 04:21:15 ns1 imapd[11994]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 imapd[11995]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 imapd[11996]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 imapd[11997]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[11998]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[11999]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[12000]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[12001]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[12002]: refused connect from 63.145.81.31
> Aug 29 04:21:16 ns1 in.telnetd[12003]: refused connect from 63.145.81.31
> Aug 29 04:21:19 ns1 in.telnetd[12004]: refused connect from 63.145.81.31
>
>
> Not one of my IPs. Don't know anybody using any IP on that network.
> Any suggestions on how to handle this? It's my first attempt at being
> hacked. I have him blocked with wrappers after a telnet attempt a few
> days ago that I thought looked funny. So for now I think I'm ok. I have
> checked my logs and verified nothing has changed on the system. So
> entry wasn't made. Still the attempt is bugging me.
>
> -----
> Scott Kindley
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
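
One way to summarize TCP wrappers denials like those in the quoted log (an added example, not part of either message): it flags any source that was refused on several wrapped services within one short burst. The sample lines, the addresses and the thresholds are constructed assumptions, and each log entry must sit on one line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted above. Addresses are
# documentation ranges (RFC 5737), not taken from the post.
SAMPLE = """\
Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from 192.0.2.10
Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from 192.0.2.10
Aug 29 04:21:13 ns1 imapd[11984]: refused connect from 192.0.2.10
Aug 29 04:21:13 ns1 imapd[11985]: refused connect from 192.0.2.10
Aug 29 04:21:13 ns1 in.telnetd[11990]: refused connect from 192.0.2.10
Aug 29 04:21:15 ns1 in.telnetd[11993]: refused connect from 192.0.2.10
Aug 29 09:02:40 ns1 in.telnetd[12100]: refused connect from 198.51.100.7
Aug 29 09:05:01 ns1 sshd[12110]: Accepted password for alice from 198.51.100.7
"""

# Denial format: "<time> <host> <daemon>[pid]: refused connect from <src>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>[\w.-]+)\[\d+\]:"
                  r"\srefused connect from\s(?P<src>\S+)$")

def probes(text, min_hits=5, min_services=2, window=timedelta(seconds=10), year=2000):
    """Return sources refused on >= min_services daemons in one short burst."""
    events = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw.lstrip("> ").rstrip())  # tolerate mail quoting
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, m["svc"]))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            burst = evs[start:end + 1]
            if len(burst) >= min_hits and len({s for _, s in burst}) >= min_services:
                flagged[src] = {"hits": len(evs),
                                "services": sorted({s for _, s in evs})}
                break
    return flagged

if __name__ == "__main__":
    for src, info in probes(SAMPLE).items():
        print(src, info["hits"], ",".join(info["services"]))
```

A single refused telnet connection, like the second source in the sample, stays below the thresholds and is not reported.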