Security Incidents: RE: Attack attempts from 195.86.128.45

["NESTING, DAVID M (SBCSI)" <dn3723 () sbc com>]

I might also suggest that you try to identify *why* they are targeting your
system.  It could be completely random, but if it's targeted at one specific
IP address and ignoring all others on your subnet, they may have a reason,
and that reason might lead you to an existing compromise you didn't know
about, or user activity on the system (e.g. belligerent IRC kiddies) that
you might want to curb.

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com] 
Sent: Tuesday, 06 May, 2003 22:45
To: csl () sublevel3 org; incidents () securityfocus com
Subject: Re: Attack attempts from 195.86.128.45

> Perhaps now might be a 
> wise time to conduct an audit, to find any holes before whoever is looking
> for them outside of your organisation does...
> After that the best advice would be to stay alert, and monitor your
gateway 
> logs closely.
----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------