From owner-freebsd-security Fri Jun 1 8:55:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from yez.hyperreal.org (dsl027-182-008.sea1.dsl.speakeasy.net [216.27.182.8]) by hub.freebsd.org (Postfix) with SMTP id E40C637B422 for ; Fri, 1 Jun 2001 08:55:28 -0700 (PDT) (envelope-from brian@collab.net) Received: (qmail 2756 invoked by uid 1000); 1 Jun 2001 15:56:44 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Jun 2001 15:56:44 -0000 Date: Fri, 1 Jun 2001 08:56:44 -0700 (PDT) From: Brian Behlendorf X-X-Sender: To: Dag-Erling Smorgrav Cc: "Karsten W. Rohrbach" , Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 1 Jun 2001, Dag-Erling Smorgrav wrote: > Brian Behlendorf writes: > > The shell machine at SF didn't have reverse DNS (or at least it wasn't > > recorded in the wtmp), so you might want to look for 216.136.171.252 (the > > machine our friend came in from) or maybe even 216.136/24. > > I hope you meant 216.136.171/24, and not 216.136/16: Er, yeah; preferably someone could get a list of IP addresses SF.net has ever had public shell machines on. > Oh, and .252 does have reverse DNS: > > des@des ~% host 216.136.171.252 > 252.171.136.216.IN-ADDR.ARPA domain name pointer usw-sf-fw2.sourceforge.net OK, but it wasn't recorded in my wtmp, so I suspect it might not get recorded in others'. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message