Date: Sun, 12 Jul 1998 20:50:26 -0700
From: Ludwig Pummer <ludwigp@bigfoot.com>
To: "Hallam Oaks P/L list account" <maillist@oaks.com.au>, "sthaug@nethelp.no" <sthaug@nethelp.no>
Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject: Re: DNS zone xfers from random(?) sites
Message-ID: <3.0.3.32.19980712205026.0077b070@mail.plstn1.sfba.home.com>
In-Reply-To: <199807130205.MAA22491@mail.aussie.org>

At 12:05 PM 7/13/98 +1000, Hallam Oaks P/L list account wrote:
>ipfw: 4110 Deny TCP 137.166.79.129:1878 139.130.xx.xxx:143 in via tun0
>ipfw: 4110 Deny TCP 137.166.79.129:1878 139.130.xx.xxx:143 in via tun0
>ipfw: 4110 Deny TCP 137.166.79.129:1904 139.130.xx.xxx:110 in via tun0
>ipfw: 4110 Deny TCP 137.166.79.129:1904 139.130.xx.xxx:110 in via tun0
>
>Exactly two of each. The total time between the first and last was no more
>than 40 seconds. Possibly generated by a program of some sort. No person
>outside our site has the authority to access our POP3, IMAP, or TELNET
>services.
>
>Does this pattern of port accesses seem familiar to anyone?

Yup. I've got them in my log going back to early April. I'm only logging and denying POP3 and IMAP, though. And my port checks are separated by 3 seconds.

--Ludwig Pummer
ludwigp@bigfoot.com
ICQ UIN: 692441
http://chipweb.home.ml.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
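
An added example, not part of the original message: one way to flag the pattern discussed in this thread, where a single source is denied on several mail or login ports within a short window. The syslog prefix, timestamps, host name and addresses in the sample are constructed; the 40-second window comes from the quoted message, and the year is an assumed parameter because syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not from the original post): syslog-style ipfw lines
# with documentation addresses; timestamps and hostname are invented.
SAMPLE_LOG = """\
Jul 13 11:58:02 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.10:1878 198.51.100.5:143 in via tun0
Jul 13 11:58:05 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.10:1878 198.51.100.5:143 in via tun0
Jul 13 11:58:20 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.10:1904 198.51.100.5:110 in via tun0
Jul 13 11:58:23 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.10:1904 198.51.100.5:110 in via tun0
Jul 13 12:30:00 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.77:2001 198.51.100.5:110 in via tun0
Jul 13 14:10:00 gw /kernel: ipfw: 4110 Deny TCP 192.0.2.77:2050 198.51.100.5:143 in via tun0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*ipfw: (?P<rule>\d+) Deny TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) in via (?P<ifc>\S+)"
)
WATCHED_PORTS = {23: "telnet", 110: "pop3", 143: "imap"}

def parse(log_text, year=1998):
    """Yield (time, src, dport) for denied TCP hits on watched ports."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dport"]) not in WATCHED_PORTS:
            continue
        # syslog omits the year; it is supplied by the caller (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["src"], int(m["dport"])

def find_probes(log_text, window=timedelta(seconds=40), min_ports=2):
    """Map each source that hit >= min_ports watched ports inside one window to those services."""
    hits = defaultdict(list)
    for ts, src, dport in parse(log_text):
        hits[src].append((ts, dport))
    probes = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                probes[src] = sorted(WATCHED_PORTS[p] for p in ports)
                break
    return probes
```

The second source in the sample touches both ports but hours apart, so it is not reported; widening `window` trades fewer misses for more noise.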