Jeremy Hoover wrote: > Today I was going through my server logs. And I came across this. > > Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=63.240. xxx.xxx > Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE [snip] > Normally this wouldn't be a problem, get tons of them everyday except this > attempt is coming from one of our Competing Corporations.> On Dec. 26th, I found a syn flood coming from the same ip. What actions > should I take? What kind of legal matters are involved in > this. As I dig deeper, I keep finding connection attempts. There is NO > reason for them to be trying to access our servers. Call your lawyers. And remember not to take legal advice from random people over the Internet :) \a -- ===( Andrew Simmons PGP key: http://pgpkeys.mit.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 13:40:36 PST