
[cobalt-users] Check this one out



Check this one out. Hits my port 111, then tries coming in to ftp with the
login 'ftp', then I get a warning about the hosts.deny file.
What ya think?
CarrieB

Normal Log Stuff:
Mar 16 19:15:01 www proftpd[13678]: www.allaboutchoice.com
(localhost[127.0.0.1]) - FTP session closed.
Mar 16 19:15:12 www portsentry[1261]: attackalert: Connect from host:
www.classifieds.com/207.86.127.210 to TCP port: 111
Mar 16 19:15:12 www proftpd[13708]: www.allaboutchoice.com
(www.classifieds.com[207.86.127.210]) - no such user 'ftp'
Mar 16 19:15:12 www last message repeated 4 times
Mar 16 19:15:12 www proftpd[13708]: www.allaboutchoice.com
(www.classifieds.com[207.86.127.210]) - USER ftp (Login failed): Can't find
user.
Mar 16 19:15:12 www proftpd[13708]: www.allaboutchoice.com
(www.classifieds.com[207.86.127.210]) - FTP session closed.
Mar 16 19:15:13 www portsentry[1261]: attackalert: External command run for
host: 207.86.127.210 using command: "/usr/local/bin/whois 207.86.127.210 |
mail -s AttackAlertWhois alert5"
Mar 16 19:15:13 www portsentry[1261]: attackalert: Host 207.86.127.210 has
been blocked via wrappers with string: "ALL: 207.86.127.210"
Mar 16 19:15:13 www portsentry[1261]: attackalert: Host 207.86.127.210 has
been blocked via dropped route using command: "/sbin/route add -host
207.86.127.210 reject"
Mar 16 19:15:01 www in.proftpd[13678]: connect from localhost
Mar 16 19:15:03 www imapd[13679]: connect from localhost
Mar 16 19:15:12 www in.proftpd[13708]: warning: /etc/hosts.deny, line 124:
host name/address mismatch: 207.86.127.210 != www.classifieds.com
Mar 16 19:15:12 www in.proftpd[13708]: connect from 207.86.127.210

Attack Alert Section:
Mar 16 19:15:12 www portsentry[1261]: attackalert: Connect from host:
www.classifieds.com/207.86.127.210 to TCP port: 111
Mar 16 19:15:13 www portsentry[1261]: attackalert: External command run for
host: 207.86.127.210 using command: "/usr/local/bin/whois 207.86.127.210 |
mail -s AttackAlertWhois alert5"
Mar 16 19:15:13 www portsentry[1261]: attackalert: Host 207.86.127.210 has
been blocked via wrappers with string: "ALL: 207.86.127.210"
Mar 16 19:15:13 www portsentry[1261]: attackalert: Host 207.86.127.210 has
been blocked via dropped route using command: "/sbin/route add -host
207.86.127.210 reject"