Date: Sat, 24 Feb 2001 02:52:03 +0200
From: Matthew West
To: Andre Goeree
Cc: chat@freebsd.org
Subject: Re: When will script kiddies ever learn?
Message-ID: <20010224025203.A97408@apotheosis.org.za>
References: <20010224014042.A39092@mandark.attica.home>
In-Reply-To: <20010224014042.A39092@mandark.attica.home>; from "Andre Goeree" on Sat, Feb 24, 2001 at 01:40:42AM

On Sat, Feb 24, 2001 at 01:40:42AM +0100, Andre Goeree wrote:
> Nice, look what happened while fetching ports:
>
> Feb 24 01:17:24 mandark /kernel: ipfw: 2200 Deny TCP 205.241.169.135:80 213.227.140.238:2049 in via tun0
> Feb 24 01:17:36 mandark last message repeated 4 times
>
> Script kiddies? Who else would be stupid enough to look for an NFS
> server.

Hrm, 205.241.169.135 resolves to ns2.davidv.net, which, if you point your browser to it, has quite a FreeBSD-centric web page. Are you sure you weren't perhaps fetching port distfiles from there somewhere? Or just browsing the page?

If you weren't, then you might want to drop the domain owner a note that his machine's being used to do scans. Judging by its name, my money's on them having used a bind exploit to get in. I can't get an answer from the machine with "dig" though.

--
mwest@uct.ac.za
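A log-triage sketch for the question raised in the reply above (was the denied packet a reply to the reader's own fetch, or an unsolicited probe?), added here as an example and not part of the original message. The service-port set, the ephemeral port range, and the second sample entry are assumptions constructed for illustration.

```python
import re

# Layout of the ipfw log line quoted in the message:
#   ... ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in|out via <if>
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)
REPEAT_RE = re.compile(r"last message repeated (\d+) times")

# Assumptions: services this host's clients talk to, and the local ephemeral
# port range (adjust to the host's net.inet.ip.portrange.* settings).
SERVICE_PORTS = {20, 21, 25, 53, 80, 110, 443}
EPHEMERAL = range(1024, 5001)

def classify(e):
    """Inbound packet from a service port to an ephemeral port looks like reply traffic."""
    if e["dir"] != "in":
        return "outbound"
    if e["sport"] in SERVICE_PORTS and e["dport"] in EPHEMERAL:
        return "likely-reply"
    return "unsolicited"

def triage(lines):
    """Parse ipfw deny lines, fold syslog repeat counts in, attach a verdict."""
    results, last = [], None
    for line in lines:
        m = IPFW_RE.search(line)
        if m:
            last = m.groupdict()
            for k in ("rule", "sport", "dport"):
                last[k] = int(last[k])
            last["count"], last["verdict"] = 1, classify(last)
            results.append(last)
        elif (r := REPEAT_RE.search(line)) and last is not None:
            last["count"] += int(r.group(1))  # repeats belong to the previous ipfw line
        else:
            last = None  # unrelated syslog line: a later repeat is not ours
    return results

SAMPLE = [  # first two lines are from the message; the third is constructed
    "Feb 24 01:17:24 mandark /kernel: ipfw: 2200 Deny TCP 205.241.169.135:80 213.227.140.238:2049 in via tun0",
    "Feb 24 01:17:36 mandark last message repeated 4 times",
    "Feb 24 01:20:00 mandark /kernel: ipfw: 2200 Deny TCP 192.0.2.7:31337 213.227.140.238:2049 in via tun0",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["src"], e["sport"], "->", e["dport"], "x%d" % e["count"], e["verdict"])
```

A "likely-reply" verdict is a heuristic, since source ports can be chosen by the sender; correlate it with the host's own outbound connections at that time before drawing a conclusion.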