Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Need help.

From: mlovett () WARRIOR MGC PEACHNET EDU (Melissa Lovett)
Date: Wed, 5 Jul 2000 15:54:13 -0400

The following appeared in the router event log.  It appears that someone
used FTP to do something, but I can't figure out anything.  I have never
seen anything like this in the log files before.  I traced the address back
to the UK.  Any ideas?

# 316: 07/01/00 04:43:23 DEBUG  SLOT  3 GAME  Event Code: 77
GID_CB: gate 0x060ea @ 0x3160b3f6 (RD=76678687) - gid_add:
ADDING NEW SEGMENT
   free: head=0x00208 tail=0x00000->0x1ffff/0x002ff (cnt=248)
   curr: head=0x001c2 tail=0x000f0->0x00000/0x000f0 (cnt=150)
   next: head=0x00033 tail=0x001c3->0x00000/0x001c3 (cnt=113)

# 317: 07/01/00 04:43:29 DEBUG  SLOT  3 TCP  Event Code: 14
TCP Open req: 16x.xx.xxx.x,21 - 194.117.155.79,4654 TCB: 0x31558260

# 318: 07/01/00 04:43:29 DEBUG SLOT  3 IP    Event Code: 38
Interface 16x.xx.xxx.x: TCP port 21 to remote port 4654 allocated

# 319: 07/01/00 04:43:29 INFO  SLOT  3 TCP   Event Code:  6
TCP Opened: 16x.xx.xxx.x,21 - 194.117.155.79,4654 TCB: 0x31558260

# 320: 07/01/00 04:43:33 DEBUG  SLOT  3 IP   Event Code: 39
Interface 16x.xx.xxx.x: TCP port 21 to remote port 4654 deallocated

# 321: 07/01/00 04:46:47 INFO  SLOT  3 IP   Event Code: 28
IP Traffic Filter - Rule 16, Interface 16x.xx.xxx.x, Circuit 7 (Drop packet)

# 322: 07/01/00 04:56:49 INFO  SLOT  3 IP  Event Code:  0
The previous event on slot 3 repeated 2 time(s).  [Code 28]

# 323: 07/01/00 04:58:32 DEBUG  SLOT  3 FTP  Event Code: 55
FTP debug message 827687520 - Error (15) in xmiting tcp buffer to the client.
FTP debug message 829054800 - TCP Connection closed.

Thanks,

Melissa Lovett
Middle Georgia College
Network Services
Previous By Date Next
Previous By Thread Next

Current thread: