Date: 28 Jun 1999 13:44:52 +0200
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Keith Anderson <keith@apcs.com.au>
Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Whats going on please
Message-ID: <xzp6748im6j.fsf@flood.ping.uio.no>
In-Reply-To: Keith Anderson's message of "Sun, 27 Jun 1999 19:29:12 +1000 (EST)"
References: <XFMail.990627192912.keith@apcs.com.au>

Keith Anderson <keith@apcs.com.au> writes:
> <snip>
> root@137~#uname -a
> FreeBSD 137.132.85.96 3.1-RELEASE FreeBSD 3.1-RELEASE #3: Wed Mar 31 14:59:17
> EST 1999 keith@work.xxx.com.au:/usr/src/sys/compile/WORK i386
> </snip>
>
> what is the '137.132.85.96' or who

It's the machine's hostname. Try typing 'hostname' or 'sysctl -n
kern.hostname' and see what it returns.

BTW, this IP address belongs to compl-r4.iscs.nus.sg, which seems to
be your attacker. My guess is that you typed 'hostname 137.132.85.96'
instead of 'host 137.132.85.96' trying to look up the IP address. I
can't see any reason for the attacker to change your hostname to his
IP address.

> Jun 27 19:13:41 work sshd[3005]: fatal: Local: Sorry, you are not allowed to
> connect.
> Jun 27 19:18:24 work telnetd[3014]: refused connect from compl-r4.iscs.nus.sg
> Jun 27 19:18:26 work telnetd[3015]: refused connect from compl-r4.iscs.nus.sg

Looks like a 'known services' scan turned down by TCP wrappers.

> Jun 27 17:06:59 work popper[1550]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
> Jun 27 17:07:00 work popper[1552]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
> Jun 27 17:07:03 work popper[1553]: @compl-r4.iscs.nus.sg: -ERR POP EOF received

He tried to exploit your POP server. Doesn't seem like he succeeded,
but I can't tell for sure.

Call the National University of Singapore (+65 8748026) and complain.
Don't email or fax; calling them voice forces them to take a decision
there and then, whereas email and faxes can be blackholed or answered
with form letters.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
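
Added example, not part of the original message: the reply above reads the quoted syslog lines by eye, and this Python sketch groups the same two message formats by remote host and reports hosts that touched more than one daemon or sent a burst of events. The function names, the thresholds and the host.example.net line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines quoted in the message above, plus one constructed line (host.example.net).
SAMPLE_LOG = """\
Jun 27 17:06:59 work popper[1550]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:07:00 work popper[1552]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:07:03 work popper[1553]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 19:18:24 work telnetd[3014]: refused connect from compl-r4.iscs.nus.sg
Jun 27 19:18:26 work telnetd[3015]: refused connect from compl-r4.iscs.nus.sg
Jun 27 19:20:10 work ftpd[3020]: refused connect from host.example.net
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")
# Message formats taken from the quoted log lines; each captures the remote host.
REMOTE = [
    ("wrappers-refused", re.compile(r"refused connect from (\S+)")),
    ("pop-eof", re.compile(r"^@(\S+): -ERR POP EOF received")),
]

def parse(log, year=1999):
    """Yield (time, daemon, kind, host); syslog omits the year, so it is passed in."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        stamp, daemon, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        for kind, rx in REMOTE:
            hit = rx.search(msg)
            if hit:
                yield when, daemon, kind, hit.group(1).lower()
                break

def probing_hosts(log, min_daemons=2, burst=3, window=timedelta(seconds=10)):
    """Hosts that hit `min_daemons` daemons, or sent `burst` events within `window`."""
    by_host = defaultdict(list)
    for when, daemon, _kind, host in parse(log):
        by_host[host].append((when, daemon))
    report = {}
    for host, events in by_host.items():
        daemons = {d for _, d in events}
        times = sorted(t for t, _ in events)
        bursty = any(times[i + burst - 1] - times[i] <= window
                     for i in range(len(times) - burst + 1))
        if len(daemons) >= min_daemons or bursty:
            report[host] = {"daemons": sorted(daemons), "events": len(events), "burst": bursty}
    return report
```

Lines that name no remote host, such as the quoted sshd "not allowed to connect" entry, are skipped by this grouping and still need to be read by hand.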