Security Incidents mailing list archives
Strange logs and scans.
From: rgg () SOLARIUM CS BUAP MX (Lic. Rodolfo Gonzalez Gonzalez)
Date: Wed, 17 May 2000 11:57:45 -0500
Hi, just got this log in one of my RedHat 6.2 boxes: May 3 18:56:37 equinoxe PAM_pwdb[21654]: check pass; user unknown May 3 18:56:38 equinoxe gdm[21654]: Couldn't authenticate with jkikjeans May 3 18:56:41 equinoxe gdm[21654]: Couldn't authenticate I wonder, is it an exploit?. Then I got a scan to port 513 (TCP), coming from a "trusted" machine. And a new scan: May 16 10:10:14 equinoxe abacus_sentry[711]: attackalert: UDP scan from host: 169.254.210.20/169.254.210.20 to UDP port: 67 Anyway, scans are so common, but the first message seems strange to me. Regards, Rodolfo.
Current thread:
- Re: Korea a classic ? was: IP blacklist Doglus Cho (May 15)
- Re: Korea a classic ? was: IP blacklist Jens Hektor (May 16)
- Re: Korea a classic ? was: IP blacklist Russell Fulton (May 16)
- Re: Korea a classic ? was: IP blacklist Jane DelFavero (May 18)
- Re: Korea a classic ? was: IP blacklist Russell Fulton (May 16)
- Strange logs and scans. Lic. Rodolfo Gonzalez Gonzalez (May 17)
- Re: Strange logs and scans. * * (May 19)
- While we're on viruses... Keith McCammon (May 19)
- <Possible follow-ups>
- Re: Korea a classic ? was: IP blacklist Doglus Cho (May 16)
- Re: Korea a classic ? was: IP blacklist Cho, Douglas (May 17)
- Re: Korea a classic ? was: IP blacklist Jens Hektor (May 16)