Date: Fri, 17 Jan 2003 15:42:10 +0000 (GMT) From: 520023893678-0001@t-online.de (P. U. Kruppa) To: Jim Freeze <jim@freeze.org> Cc: FreeBSD Questions <FreeBSD-questions@FreeBSD.ORG> Subject: Re: Possible attack? Message-ID: <20030117153728.C34734@small.pukruppa.de> In-Reply-To: <20030117093453.A9304@freeze.org> References: <20030117093453.A9304@freeze.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 Jan 2003, Jim Freeze wrote: > Hi: > > I got an interesting log report today. > Has anyone seen such messages lately? > > Jan 14 12:59:52 rabbit /kernel: ipfw: limit 100 reached on entry 64000 > Jan 14 17:39:13 rabbit ftpd[1502]: ANONYMOUS FTP LOGIN REFUSED FROM > p5089A961.dip.t-dialin.net > Jan 14 17:39:13 rabbit ftpd[1503]: ANONYMOUS FTP LOGIN REFUSED FROM > p5089A961.dip.t-dialin.net > Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME > Content-Disposition header due to > field size (length = 25) (possible attack) > Jan 15 17:33:03 rabbit ftpd[4434]: ANONYMOUS FTP LOGIN REFUSED FROM > pD9E60C0F.dip.t-dialin.net > Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM > pD9E60C0F.dip.t-dialin.net > Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME > Content-Disposition header due to > field size (length = 22) (possible attack) Now, I don't know if this is something serious, but I can tell you the "attacker" is a client of the german Telekom. Since you know the exact date and time of these events and Telekom has her own logs, he can be identified, if something serious happens. Uli. > > > > -- > Jim Freeze > ---------- > "It's not Camelot, but it's not Cleveland, either." > -- Kevin White, mayor of Boston > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > *-----------------------------------* * Peter Ulrich Kruppa * * - Wuppertal - * * Germany * *-----------------------------------* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030117153728.C34734>