Re: Connection Attempts

From: Andrew Simmons (andrewat_private)
Date: Tue Jan 15 2002 - 09:56:32 PST

  • Next message: Patrick Patterson: "Re: Trojans that use LDAP"

    Jeremy Hoover wrote:
    > Today I was going through my server logs.  And I came across this.
    > 
    > Jan 14 11:46:51 penguin ftp(pam_unix)[7256]: authentication failure;
    > logname= uid=0 euid=0 tty= ruser= rhost=63.240. xxx.xxx
    > Jan 14 11:46:53 penguin ftpd: 63.240.xxx.xxx: connected: IDLE
    [snip]
    
    > Normally this wouldn't be a problem, get tons of them everyday except this
    > attempt is coming from one of our Competing Corporations.> On Dec. 26th, I found a syn flood coming from the same ip.   What actions
    > should I take?  What kind of legal matters are involved in
    > this.  As I dig deeper, I keep finding connection attempts.  There is NO
    > reason for them to be trying to access our servers.
    
    
    Call your lawyers. And remember not to take legal advice from random 
    people over the Internet :)
    
    \a
    -- 
    ===( Andrew Simmons     PGP key: http://pgpkeys.mit.edu
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Jan 15 2002 - 13:40:36 PST