Security Incidents: Re: [Re: interesting attempt at intrusion] case solved!

From: Jon Lewis <jlewis_at_LEWIS.ORG>
Date: Fri, 31 Dec 1999 00:16:57 -0500

On Thu, 30 Dec 1999, Anonymous wrote:

> Before I sit down and start spooning up this large plate of crow, let me
> confess that for the past week and a half a youth in a different state
> has been trying repeatedly to overflow my telnetd. The best I have seen
> so far was this entry:
>
> Dec 21 22:18:37 noc telnetd[4269]: ttloop: peer died: Invalid or
> incomplete multibyte or wide character

If you don't know the IP these are coming from yet, you can use
ipfwadm/ipchains to log syns coming from "external" addresses to whatever
ports you're concerned with. That way, no matter how quickly they
terminate the connection, you will see where they came from. I did this
long ago to track down and filter some people attacking (crashing) inetd
on an IRC server.

----------------------------------------------------------------------
 Jon Lewis *jlewis_at_lewis.org*| Spammers will be winnuked or
 System Administrator | nestea'd...whatever it takes
 Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
Received on Dec 31 1999
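
The log-review side of the approach described in the message, as an added example that is not part of the original post: it tallies external sources of logged SYNs per watched port. The interface name, port, addresses and log lines are assumptions constructed for illustration, and the 192.0.2.0/24 "internal" range is a placeholder.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Logging rule of the kind described (assumed: interface eth0, telnet port 23).
# -y matches SYN-only packets, -l logs them; with no -j target the packet
# simply continues down the chain:
#   ipchains -I input -i eth0 -p tcp -y -d 0.0.0.0/0 23 -l

# Constructed sample syslog lines in the ipchains "Packet log:" layout.
SAMPLE_LOG = """\
Dec 21 22:18:36 noc kernel: Packet log: input - eth0 PROTO=6 203.0.113.45:1042 192.0.2.10:23 L=60 S=0x00 I=4121 F=0x4000 T=52 SYN (#1)
Dec 21 22:18:37 noc telnetd[4269]: ttloop: peer died: Invalid or incomplete multibyte or wide character
Dec 21 22:19:02 noc kernel: Packet log: input - eth0 PROTO=6 203.0.113.45:1043 192.0.2.10:23 L=60 S=0x00 I=4130 F=0x4000 T=52 SYN (#1)
Dec 21 22:20:15 noc kernel: Packet log: input - eth0 PROTO=6 198.51.100.7:2210 192.0.2.10:23 L=60 S=0x00 I=911 F=0x4000 T=47 SYN (#1)
Dec 21 22:21:40 noc kernel: Packet log: input - eth0 PROTO=6 192.0.2.20:1100 192.0.2.10:23 L=60 S=0x00 I=77 F=0x4000 T=64 SYN (#1)
Dec 21 22:22:05 noc kernel: Packet log: input - eth0 PROTO=6 203.0.113.45:1044 192.0.2.10:25 L=60 S=0x00 I=4142 F=0x4000 T=52 SYN (#2)
"""

PKT = re.compile(
    r"Packet log: (?P<chain>\S+) \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):\d+ [\d.]+:(?P<dport>\d+) .*?T=\d+(?P<syn> SYN)?"
)

def external_syn_sources(log_text, watched_ports, internal_nets):
    """Count logged TCP SYNs per (source IP, destination port), skipping
    sources inside internal_nets and ports that are not being watched."""
    nets = [ip_network(n) for n in internal_nets]
    hits = Counter()
    for line in log_text.splitlines():
        m = PKT.search(line)
        if not m or m["chain"] != "input" or m["proto"] != "6" or not m["syn"]:
            continue
        src, dport = ip_address(m["src"]), int(m["dport"])
        if dport in watched_ports and not any(src in n for n in nets):
            hits[(str(src), dport)] += 1
    return hits

if __name__ == "__main__":
    found = external_syn_sources(SAMPLE_LOG, {23}, ["192.0.2.0/24"])
    for (src, port), n in found.most_common():
        print(f"{src} -> port {port}: {n} SYN(s)")
```

Because the SYN is logged by the kernel before the daemon sees the connection, the source shows up even when the peer disconnects before telnetd writes anything useful.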
