[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Hacking attempts on certain port what is thisused for?
- Subject: RE: [cobalt-users] Hacking attempts on certain port what is thisused for?
- From: "GPS" <gps@xxxxxxxxxxxxxx>
- Date: Thu Feb 22 03:41:08 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>I get a slightly different message on port 111, see below. ( a whois piped
>out through sendmail I think?)
>Been getting 3 or so of these each day (from different IPs).
>
>Feb 21 21:35:54 www portsentry[1233]: attackalert: Connect from host:
>willow.cc.uic.edu/128.248.155.163 to TCP port: 111
>Feb 21 21:35:55 www portsentry[1233]: attackalert: External command run for
>host: 128.248.155.163 using command: "/usr/local/bin/whois 128.248.155.163 |
>mail -s "
>Feb 21 21:35:55 www portsentry[1233]: attackalert: Host 128.248.155.163 has
>been blocked via wrappers with string: "ALL: 128.248.155.163"
>Feb 21 21:35:55 www portsentry[1233]: attackalert: Host 128.248.155.163 has
>been blocked via dropped route using command: "/sbin/route add -host
>128.248.155.163 reject"
>
>Gotta love portsentry.
>Now if I could just figure out how to *not* clear out the hosts.deny file
>when I reboot, I'd be all set. ;)
>
>CarrieB
uic.edu hit me a few hundred times today on 111.
They must be a mess there...their NetAdmin and abuse addresses forward
to their UnixGroup ListServ which bounces you because you're not subscribed.
Did I miss something or does it seem that there's sometype of Global Hacker Armageddon
going on now?