[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Getting Massive Attacks
- Subject: Re: [cobalt-users] Getting Massive Attacks
- From: "Richard Donahue" <Richard.Donahue@xxxxxxxxxxxxxx>
- Date: Fri May 3 10:49:24 2002
- Organization: EBS & DakotaMade.com
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
----- Original Message -----
From: "Rick" <rick@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, May 03, 2002 11:44 AM
Subject: RE: [cobalt-users] Getting Massive Attacks
> Well.. i have done that but, the attack still continues...
>
> Kindly Help :)
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Andy Brown
> Sent: Friday, May 03, 2002 11:58 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] Getting Massive Attacks
>
>
> <snip>
> >
> > May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> > (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user
> > 'bye' May 3 21:35:59 dom3 proftpd[3199]: 202.126.189.11
> > (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - no such user
> > 'bye' May 3 21:40:38 dom3 proftpd[3199]: 202.126.189.11
> > (adsl72.dyn226.pacific.net.sg[210.24.226.72]) - FTP login
> > timed out, disconnected. May 3 21:58:49 dom3 pidof[5146]:
> > can't read sid from /proc/5034/stat
> >
> > could 210.24.226.72 be the attacked hitting me ?
> </snip>
>
> Very possible, although the incorrect user of 'bye' suggests somebody
> trying to disconnect to me, as that's the ftp command for signing off.
>
> Firewall the machine for peace of mind:
>
> /sbin/ipchains -I input -s 210.24.226.72 -j DENY
>
> (Assuming ipchains is installed, if not then use:
> /sbin/route add -host 210.24.226.72 reject )
>
>
> Regards,
>
> Andy
> andy@xxxxxxxxxxxxxxxxxxxxx
> HOWTO's PKGs and info --> http://www.raqpak.com/ <-- for Qube and Raq
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
That address has a MS IIS server running. Lots of stuff about God and the
bible.
-RD
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.351 / Virus Database: 197 - Release Date: 4/19/2002