Security Incidents mailing list archives

telnet weirdness


From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Tue, 7 Nov 2000 15:06:44 -0500

hi all,

wanted to send along a note about some attempts we saw earlier this
afternoon. a telnet service sweep followed by ARP flooding of the firewall
to attempt to hijack telnet sessions (HUNT style). upstream has been
contacted. (local hostnames changed)

SYSTEM:         63.199.109.187  ( inxproxy.inxcorp.com )

Nov  7 13:37:01 server kernel: TCP connection accepted: ip=63.199.109.187 port=23 uid=0 process=xinetd[50]

Nov  7 13:19:04 4C:sgi1 telnetd[82750]: refused connect from inxproxy.inxcorp.com

Nov  7 13:35:47 4C:sgi2 telnetd[23327]: refused connect from inxproxy.inxcorp.com

all times are in US eastern (GMT-5).

jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
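
An added example, not part of the original post: a small correlator that reads the three syslog lines quoted above and flags a source that touched telnet on several hosts in a short span, which is the sweep half of the report (the ARP flooding leaves no trace in these logs). The thresholds `min_hosts` and `window`, the year default, and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three syslog lines from the post, unwrapped.
LOGS = """\
Nov  7 13:37:01 server kernel: TCP connection accepted: ip=63.199.109.187 port=23 uid=0 process=xinetd[50]
Nov  7 13:19:04 4C:sgi1 telnetd[82750]: refused connect from inxproxy.inxcorp.com
Nov  7 13:35:47 4C:sgi2 telnetd[23327]: refused connect from inxproxy.inxcorp.com
"""
# Name-to-address mapping as stated in the post's SYSTEM line.
ALIASES = {"inxproxy.inxcorp.com": "63.199.109.187"}
HEADER = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
PATTERNS = [
    ("accepted", re.compile(r"TCP connection accepted: ip=(\S+) port=23\b")),
    ("refused", re.compile(r"telnetd\[\d+\]: refused connect from (\S+)")),
]

def parse(text, year=2000):
    """Yield (timestamp, logging_host, source, outcome) for each telnet event."""
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        stamp, host, rest = m.groups()
        # Syslog omits the year and pads the day; normalise before parsing.
        ts = datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")
        for outcome, pat in PATTERNS:
            hit = pat.search(rest)
            if hit:
                # Fold hostname and IP forms of the same source together.
                yield ts, host, ALIASES.get(hit.group(1), hit.group(1)), outcome

def find_sweeps(text, min_hosts=3, window=timedelta(minutes=30)):
    """Return {source: time-sorted events} for sources seen on at least
    min_hosts logging hosts with all of their events inside window."""
    by_src = defaultdict(list)
    for ev in parse(text):
        by_src[ev[2]].append(ev)
    sweeps = {}
    for src, events in by_src.items():
        events.sort()
        hosts = {e[1] for e in events}
        if len(hosts) >= min_hosts and events[-1][0] - events[0][0] <= window:
            sweeps[src] = events
    return sweeps

if __name__ == "__main__":
    for src, events in find_sweeps(LOGS).items():
        for ts, host, _, outcome in events:
            print(f"{ts:%H:%M:%S} {src} -> {host}: telnet {outcome}")
```

Sorting by time shows the two refused connects preceding the single accepted one on `server`, so that host is the one whose telnet access controls need review.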

