[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Getting Massive Attacks
- Subject: RE: [cobalt-users] Getting Massive Attacks
- From: "Rick" <rick@xxxxxxxxxxxx>
- Date: Fri May 3 09:57:51 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Well.. i have done that but, the attack still continues...
Kindly Help :)
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Andy Brown
Sent: Friday, May 03, 2002 11:58 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Getting Massive Attacks
<snip>
>
> May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user
> 'bye' May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user
> 'bye' May 3 21:40:38 dom3 proftpd[3199]: 202.126.189.11
> (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - FTP login
> timed out, disconnected. May 3 21:58:49 dom3 pidof[5146]:
> can't read sid from /proc/5034/stat
>
> could 210.24.226.72 be the attacked hitting me ?
</snip>
Very possible, although the incorrect user of 'bye' suggests somebody
trying to disconnect to me, as that's the ftp command for signing off.
Firewall the machine for peace of mind:
/sbin/ipchains -I input -s 210.24.226.72 -j DENY
(Assuming ipchains is installed, if not then use:
/sbin/route add -host 210.24.226.72 reject )
Regards,
Andy
andy@xxxxxxxxxxxxxxxxxxxxx
HOWTO's PKGs and info --> http://www.raqpak.com/ <-- for Qube and Raq
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users