Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Another request for passwords
From: brett () sccsi com (Brett Watson)
Date: Tue, 25 Oct 1994 13:19:07 -0500 (CDT)


christopher williams

Charles Howes wrote:
Event one: A user at umn.edu forges mail (supposedly from helix.net).
Event two: A user at helix.net forges mail (supposedly from sfu.ca).

have any of the sites that received the request for /etc/passwd mail 
from helix.net noticed any finger connects from usis.com?  today, i've 
noticed an inordinate amount of fingerd connects from usis.com -- more 
than 2700 in the last 24 hours, but strangely enough, scant few in the 
days before the past 24-hour period (4-7 a day before today).

i've notified usis.com, but haven't heard from them yet. 

  Internet provider in Houston.  They've been hitting Neosoft.com with
"lptest" output, packet after packet.  That's the word from the admin
at Neosoft.  I know that admin at Usis.com but haven't talked to him
yet.

  Many Sesquinet customers here in Houston and Texas have been hit but
finger and mail bombers in the last few days.  Several other sites in
the US have reported fingers from Usis.com.

  Notify mbarnes () usis com about the finger attempts.

-brett



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]