[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port scan originating from cobalt.com

Subject: Re: [cobalt-users] Port scan originating from cobalt.com
From: Peter Batenburg <peter@xxxxxxxxxx>
Date: Mon May 21 04:03:12 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Could be:

% finger admin@xxxxxxxxxxxxxx
[64.224.123.177]
Login: admin                            Name: Administrator
Directory: /home/sites/home/users/admin Shell: /bin/bash
Last login Tue Apr 24 20:25 (EDT) on 0 from firewall.cobalt.com
No mail.
No Plan.

Connected to mail.skublin.cobalt.com.
Escape character is '^]'.

Cobalt Linux release 5.0 (Pacifica)
Kernel 2.2.14C5 on an i586

A very old kernel for a raq3

220 ProFTPD 1.2.0pre9 Server (ProFTPD) [widbr0011atl2.interland.net]

Old proftpd

Seems like a box that has not been updated in a long time and not on thecobalt network.I see that port 110 (pop3) and 143 (imap) are not open. Maybe someone gotin that way?


At 13:38 21-5-2001 -0400, you wrote:

Do you suppose they have been hacked or wht?

May 21 11:21:51 www portsentry[28254]: attackalert: SYN/Normal scan from
host: mail.skublin.cobalt.com/64.224.123.177 to TCP port: 111

References:
- [cobalt-users] Port scan originating from cobalt.com
  - From: Michael Schumacher

Prev by Date: Re: [cobalt-users] Cute Hack attempt from a hacked cobalt.com machine
Next by Date: [cobalt-users] inetd.conf
Previous by thread: [cobalt-users] Port scan originating from cobalt.com
Next by thread: [cobalt-users] Regarding admin with no Privs on FTP

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index