Date:      Sun, 02 Apr 2000 20:54:52 -0800
From:      "Chutima S." <chutima_s@zdnetonebox.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   How to deal with intruder?
Message-ID:  <20000403035452.VVHA21091.mta01.onebox.com@onebox.com>

Dear all,

I'm a new Internet admin.  I found in the security check output routine that
many people try to connect to my server:

Mar  3 18:56:45 mail inetd[2409]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar  3 18:58:05 mail inetd[2411]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service tcpd (tcp)
Mar  3 18:59:11 mail inetd[2412]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar  3 19:01:38 mail inetd[2426]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar  3 19:11:32 mail inetd[2439]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar  3 19:21:33 mail inetd[2451]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 17 12:48:14 mail inetd[32549]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 17 12:48:16 mail inetd[32551]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34770]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34771]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34772]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34773]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:27 mail inetd[34775]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:41 mail inetd[34777]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Apr  2 14:48:11 mail inetd[69483]: refused connection from root@203.107.227.2, service tcpd (tcp)
Apr  2 14:48:11 mail inetd[69484]: refused connection from root@203.107.227.2, service tcpd (tcp)

That really scares me!!!  I don't know how to deal with them.  So I want
your advice on:
1. Should I try to contact anybody (admins at those servers)?
2. How can I trace them back to know who they are?
 
Thank you,
-- 
Chutima Subsirin
chutima_s@zdnetonebox.com - email
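
Added example, not part of the original message: one way to condense inetd "refused connection" entries like those above into a per-source summary (count, services probed, first and last seen) before deciding whom to contact. The function names and the sample hosts and addresses are constructed for illustration.

```python
import re

# Constructed sample in the message's log format; the second entry is folded
# across two lines the way a mail client wraps long lines.
SAMPLE = """\
Mar  3 18:56:45 mail inetd[2409]: refused connection from ppp1.example.net, service popper (tcp)
Mar  3 18:58:05 mail inetd[2411]: refused connection from ppp1.example.net,
service tcpd (tcp)
Mar 17 12:48:14 mail inetd[32549]: refused connection from 192.0.2.99, service tcpd (tcp)
Apr  2 14:48:11 mail inetd[69483]: refused connection from root@198.51.100.2, service tcpd (tcp)
Apr  2 14:48:11 mail inetd[69484]: refused connection from root@198.51.100.2, service tcpd (tcp)
"""

STAMP = r"[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d"
ENTRY = re.compile(
    rf"^(?P<ts>{STAMP}) \S+ inetd\[\d+\]: refused connection from "
    r"(?P<client>[^,\s]+),\s+service (?P<svc>\S+) \((?P<proto>\w+)\)$"
)

def unwrap(text):
    """Rejoin entries that were folded onto a continuation line."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(STAMP, line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize_refusals(text):
    """Group refused connections by source host, in order of first appearance."""
    report = {}
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue
        # In "user@host" the user part is a claim by the remote end, not a verified identity.
        user, _, host = m["client"].rpartition("@")
        row = report.setdefault(host, {"count": 0, "services": set(),
                                       "idents": set(), "first": None, "last": None})
        row["count"] += 1
        row["services"].add(m["svc"])
        if user:
            row["idents"].add(user)
        row["first"] = row["first"] or m["ts"]
        row["last"] = m["ts"]
    return report

if __name__ == "__main__":
    for host, row in summarize_refusals(SAMPLE).items():
        print(host, row["count"], sorted(row["services"]), sorted(row["idents"]),
              row["first"], row["last"])
```

The first and last timestamps per source are the details an abuse contact at the originating network would need in order to match the attempts to a dial-up session.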