|
Security Incidents
mailing list archives
Re: [Re: interesting attempt at intrusion] case solved!
From: jlewis () LEWIS ORG (Jon Lewis)
Date: Fri, 31 Dec 1999 00:16:57 -0500
On Thu, 30 Dec 1999, Anonymous wrote:
Before I sit down and start spooning up this large plate of crow, let me
confess that for the past week and a half a youth in a different state
has been trying repeatedly to overflow my telnetd. The best I have seen
so far was this entry:
Dec 21 22:18:37 noc telnetd[4269]: ttloop: peer died: Invalid or
incomplete multibyte or wide character
If you don't know the IP these are coming from yet, you can use
ipfwadm/ipchains to log syns coming from "external" addresses to whatever
ports you're concerned with. That way, no matter how quickly they
terminate the connection, you will see where they came from. I did this
long ago to track down and filter some people attacking (crashing) inetd
on an IRC server.
----------------------------------------------------------------------
Jon Lewis *jlewis () lewis org*| Spammers will be winnuked or
System Administrator | nestea'd...whatever it takes
Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
 By Date 
By Thread
Current thread:
- Re: [Re: interesting attempt at intrusion] case solved! Jon Lewis (Dec 30)
| 
Intro
