On Fri, 18 Jul 2003, Tina Bird wrote: > Jul 18 15:45:29 mymachine.example.com 16109: Jul 18 15:45:28.060: > %SEC-6-IPACCESSLOGNP: list 125 denied 55 abc.abc.abc.abc (POS4/1 ) -> > 130.59.104.116, 1 packet It's worth noting that the circulating exploit code spoofs abc.abc.abc.abc, so the addresses won't be the real attacker's address. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts@patriot.net which may have no basis whatsoever in fact." probertson@trusecure.com Director of Risk Assessment TruSecure Corporation _______________________________________________ LogAnalysis mailing list LogAnalysis@lists.shmoo.com http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Mon Jul 21 2003 - 13:16:54 PDT