[ale] possible hack attempt?

jj at spiderone.spiderentertaiment.com jj at spiderone.spiderentertaiment.com
Fri Dec 3 01:46:51 EST 1999


Well just keep your eye open on the ip sources, I get about 10 folks per
day ether trying to telnet, ftp, mail, scans, and all kinds of stuff.. 



On Thu, 2 Dec 1999, smn wrote:

> I saw this in my /var/log/messages:
> Dec  1 12:00:51 smnolde portmap[18350]: connect from 203.251.180.252 to
> dump(): request from unauthorized host
> 
> And in /var/log/secure:
> Dec  1 12:00:34 smnolde in.telnetd[18347]: refused connect from
> bbs.tntnet.co.kr
> Dec  1 12:00:34 smnolde in.ftpd[18348]: refused connect from
> bbs.tntnet.co.kr
> Dec  1 12:00:38 smnolde in.telnetd[18349]: refused connect from
> bbs.tntnet.co.kr
> Dec  1 12:00:52 smnolde in.ftpd[18351]: refused connect from
> bbs.tntnet.co.kr
> Dec  1 12:00:53 smnolde in.ftpd[18352]: refused connect from
> bbs.tntnet.co.kr
> 
> I had his domain .kr in my hosts.deny file so tcp wrappers did it's job
> (I hope!).  Has anyone else seen this guy?  Telnetting to him shows ZIP
> BBS server.  Anyone know about this?
> 
> - Scott
> 






More information about the Ale mailing list