Date: Sat, 10 Jun 2000 11:20:28 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Darren Reed <darrenr@reed.wattle.id.au> Cc: security@freebsd.org Subject: Re: cybercop scan from 202.106.149.47 Message-ID: <Pine.NEB.3.96L.1000610111653.4179F-100000@fledge.watson.org> In-Reply-To: <200006100414.OAA04399@avalon.reed.wattle.id.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 10 Jun 2000, Darren Reed wrote: > did anyone else get that syslog message ? NAI's vulnerability scanner, CyberCop, will notify the machine being scanned that the scanning is occurring. When doing so, it chooses a level of emerg, resulting in syslogd sending the message to all users. In recent versions of FreeBSD, I believe the default arguments to syslogd cause it to ignore network-sourced syslog packets (-s?). For whatever reason, freefall's /etc has not been updated to do that. It sounds like someone grabbed a copy of CyberCop and is using it to scan for potential targets, not knowing that it causes bright lights to flash :-). There should also be lots of other evidence of the scan in the system logs. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000610111653.4179F-100000>