Security Incidents mailing list archives

Re: funky syslog entry


From: ed () XWING CENTIGRAM COM (UnixGeek)
Date: Thu, 29 Jun 2000 07:47:31 -0700


I received same from a host at dslnetworks.net.  Inquiries have gone
unanswered.  BTW, this wasn't picked up by my syslogs (Solaris 7/Sparc),
but by Snort 1.6.

                            Edward Mitchell
        Centigram Unix Geek, BOfH, Network Admin, Darth Sysadmin
                         ed () xwing centigram com
                      http://www.the7thbeer.com/ed
                          Sheepish Lord of Chaos
--------------------------------------------------------------
"Fear leads to anger. Anger leads to hate. Hate leads to using
Windows NT for mission-critical applications."
     -- What Yoda *meant* to say

On Wed, 28 Jun 2000, Sean Michael Whipkey wrote:

klug wrote:

While searching through syslog entries I found this little tidbit.
Others and I believe it's some sort of scan. Any ideas are welcome.
Portmap has since been removed from this server.

klug

Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized host

You're not the only one.  I got it on two machines here at work:
Jun 23 23:45:20 riff portmap[53850]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:51:06 torg portmap[54972]: connect from 193.40.245.45 to dump(): request from unauthorized host

These machines are on different subnets, too...

The IP address is for an Estonian university.  They never responded to
my e-mails to them about this.

SeanMike

--
SeanMike Whipkey - Geek-a-mondo
"Extra ninjas make any party, family gathering, or war scene tons
more interesting." http://www.ninjahypothesis.com/messenger.htm
ObCompanyPlug: http://www.mrgoodbucks.com/
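The reports in this thread show the same source address being refused by portmap on several hosts, some on different subnets. The following is an added example, not part of the original messages: it parses portmap refusal lines in the format quoted above and lists every source that was refused on more than one host. The function names and the `min_hosts` threshold are assumptions made for illustration, and the final sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input: the three entries quoted in this thread with the mail-wrapped
# lines rejoined ("*" is the poster's redacted hostname), plus one constructed
# unrelated line to show that non-matching entries are ignored.
SAMPLE_LOG = """\
Jun 24 14:39:10 * portmap[27279]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:45:20 riff portmap[53850]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:51:06 torg portmap[54972]: connect from 193.40.245.45 to dump(): request from unauthorized host
Jun 23 23:52:00 torg cron[55001]: constructed unrelated entry
"""

# Matches the refusal message exactly as it appears in the thread.
REFUSAL = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"portmap\[\d+\]: connect from (?P<src>\S+) "
    r"to (?P<proc>\w+)\(\): request from unauthorized host$"
)


def parse_refusals(text):
    """Yield (timestamp, host, source, procedure) per refused portmap request."""
    for line in text.splitlines():
        m = REFUSAL.match(line.strip())
        if m:
            yield m["ts"], m["host"], m["src"], m["proc"]


def sweep_sources(text, min_hosts=2):
    """Return {source: sorted hosts} for sources refused on >= min_hosts hosts."""
    seen = defaultdict(set)
    for _ts, host, src, _proc in parse_refusals(text):
        seen[src].add(host)
    return {s: sorted(h) for s, h in seen.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for src, hosts in sweep_sources(SAMPLE_LOG).items():
        print(f"{src}: refused on {len(hosts)} hosts: {', '.join(hosts)}")
```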


