
IP 209.10.41.242



-----BEGIN PGP SIGNED MESSAGE-----

  
  This is one of the IP addresses of http.us.debian.org.

  My ISP reports over 1GB of data transferred from it to 192.139.46.28
which is one of my Debian boxes (behind a NetBSD firewall).

  I do not see anything strange about the box (but, I could be patched). I
just went to look to see if dpkg had some tripwire equivalent built in (not
that I can see so far) to verify the system.

  When I went to update, that is when I discovered that 209.10.41.242 was
http.us.debian.org, since my tcpdump elsewhere showed it. I did install 
another box (.26) on Monday.
  The ports that my ISP's netflow logs report are all <1024. (On both ends)

  Whether or not my box has been infiltrated is an open question.
  Could 209.10.41.242 have been compromised?

  (finger for PGP key)

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

  

  
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface

-----END PGP SIGNATURE-----


