[ale] Hack Attempt

Jim Popovitch jimpop at rocketship.com
Sun Sep 29 05:23:11 EDT 2002


LOL! That's not an attack, that's DNS updates/queries.  You must have bind
(named) running on that box.

-Jim P.

> -----Original Message-----
> From: Stephen F Nicholas [mailto:syssfn at panther.Gsu.EDU]
> Sent: Sunday, September 29, 2002 12:47 AM
> To: ale at ale.org
> Subject: [ale] Hack Attempt
>
>
> Hello All,
> I'm sitting here watching someone trying to break into my
> machine.  ipchains is denying the packets.  This is not his/her first
> attempt and the box, so far, is secure.  They must be spoofing the address,
> as nslookup and other tools return nothing.  Box is RH 7.2 patched for
> what I offer (not much).  See Below:
>
> Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)
> Sep 29 00:35:44 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=81 F=0x0000 T=128 (#9)
> Sep 29 00:35:52 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=82 F=0x0000 T=128 (#9)
> Sep 29 00:36:07 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=83 F=0x0000 T=128 (#9)
> Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root
> Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128
> (#11)
> Sep 29 00:41:17 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=85 F=0x0000 T=128 (#9)
> Sep 29 00:41:21 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=86 F=0x0000 T=128 (#9)
> Sep 29 00:41:30 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=87 F=0x0000 T=128 (#9)
> Sep 29 00:41:47 leroy kernel: Packet log: input DENY eth0 PROTO=17
> 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=88 F=0x0000 T=128 (#9)
>
>
> So far, just annoying, but....
> Thoughts, concerns...
>
> Steve
>
> =======================================================
> | Steve Nicholas             |                        |
> | Software Systems Engineer  |  A risk is not a risk  |
> | Georgia State University   |  until it is taken.    |
> | snicholas at gsu.edu          |                        |
> | 404-651-1062               |  BBROYGBVGW            |
> =======================================================
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info.
> Problems should be
> sent to listmaster at ale dot org.
>
>
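
An added example, not part of either message: a small Python parser for the ipchains log lines quoted above that labels each denied packet by its UDP destination port and its source-address class. The sample lines are copied from the quoted log with the mail line-wrapping undone; the port labels are the IANA well-known assignments, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# ipchains "-l" log line: chain, verdict, interface, IP protocol number,
# src:port, dst:port, then L=length S=TOS I=IP-id F=frag T=TTL (#rule).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)

# IANA well-known UDP ports, limited to a few common on a LAN segment.
UDP_PORTS = {53: "DNS", 67: "BOOTP/DHCP to server", 68: "BOOTP/DHCP to client",
             137: "NetBIOS name service", 138: "NetBIOS datagram service"}

def classify(line):
    """Return (service, origin, rule number) for one log line, or None."""
    m = LINE.search(line)
    if m is None:
        return None  # not an ipchains packet log entry (e.g. the su line)
    if m["proto"] == "17":  # 17 = UDP
        service = UDP_PORTS.get(int(m["dport"]), "udp/" + m["dport"])
    else:
        service = "ip-proto-" + m["proto"]
    src = ipaddress.ip_address(m["src"])
    if src.is_unspecified:
        origin = "unspecified source (0.0.0.0)"
    elif src.is_link_local:
        origin = "link-local source (169.254.0.0/16)"
    else:
        origin = "other source"
    return service, origin, int(m["rule"])

def summarize(lines):
    """Count (service, origin, rule) tuples, skipping non-matching lines."""
    return Counter(c for c in map(classify, lines) if c)

# Lines taken from the quoted log above, re-joined onto one line each.
SAMPLE = [
    "Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)",
    "Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root",
    "Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17 169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128 (#11)",
    "Sep 29 00:41:17 leroy kernel: Packet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=85 F=0x0000 T=128 (#9)",
]

if __name__ == "__main__":
    for (service, origin, rule), count in summarize(SAMPLE).items():
        print(f"{count:3d}  rule #{rule:<3d} {service:26s} {origin}")
```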


