Date: Wed, 15 Dec 2004 18:55:20 -0500 (EST)
From: John Von Essen <john@essenz.com>
To: hackers@freebsd.org
Subject: brute3.tar.gz
Message-ID: <20041215184645.B79679@beck.quonix.net>

Sort of off topic, but thought people here would be interested.

MCI contacted me today because one of my systems is doing ssh logins (failed) to a box they have no right ssh-ing into. After some packet analysis, it's clear that something is inside my network. The only solid evidence I have is a machine behind one of my gateways (BigIP) was trying to download a file called brute3.tar.gz via HTTP from 64.40.108.77. The download was unsuccessful.

Whatever this thing is, it's tricky. It only runs a few times a day, so it is tough to find the culprit source with ethereal unless I run ethereal all day in packet capture mode.

Any thoughts? Has anyone heard of anything like this?

-john