
Re: rsync attempts?



On Sat, Dec 06, 2003 at 12:25:09AM +0100, Igor Mozetic wrote:
>
>I see repeated attempts to connect to my public rsync Debian server:
>
>Dec  6 00:20:01 rsync connection attempt from 217.21.40.1 (217.21.40.1:29558->x.x.x.x:873)
>
>rsync and kernel are patched, but I wonder if there is anything
>one can do to identify/catch/??? a potential intruder.

Some ISPs will respond to complaints, if their customers are staging
attacks, most don't, you will want to script some kind of reporting
tool, use whois to find the owner of the subnet... in this case they may
do something about it: "Belarusian State University"

There is aris too:

Package: aris-extractor
Priority: optional
Section: admin
Installed-Size: 164
Maintainer: Matt Zimmerman <mdz@debian.org>
Architecture: i386
Version: 1.6.2-4
Depends: debconf, libc6 (>= 2.2.4-4), libcurl2-ssl (>= 7.9.5-1), libssl0.9.6, libstdc++2.10-glibc2.2
Recommends: snort
Filename: pool/main/a/aris-extractor/aris-extractor_1.6.2-4_i386.deb
Size: 38072
MD5sum: 7e95297b99c3725d60c94f8a24acebb0
Description: Scan system logs for security incidents and report them to ARIS
 The Attack Registry and Intelligence Service (ARIS) is a free,
 user-integrated attack-trending system hosted by SecurityFocus that
 allows administrators and operators of Intrusion Detection Systems
 (IDSs) to track, evaluate and respond to security alerts and attacks
 in a proactive manner.
 .
 As an integral piece of the ARIS Analzyer service, SecurityFocus's
 open-source ARIS Extractor utility distills data provided by IDS
 attack-list logs to build client portfolios that provide meaningful,
 graphical analysis of potentially malicious network incidents. By
 filtering out insignificant or benign data and converting it to a
 common format (xml), ARIS Extractor streamlines incident reporting
 for both security professionals and home users in a way that allows
 IDS operators to focus only on relevant attacks and
 incidents. Additionally, ARIS Extractor ensures client
 confidentiality through secure file-transfer protocols and optional
 IP address suppression.


// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george 
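
A sketch of the kind of reporting script the reply above suggests, added here as an example and not part of the original message: it groups connection attempts by source address and pulls owner and abuse-contact fields out of whois output. The function names are hypothetical, the log format is assumed to match the line quoted in the thread, whois field names vary by registry, and the sample whois reply is constructed.

```python
import re
import subprocess
from collections import defaultdict

# Matches the log line format quoted in the thread (assumed to be stable).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) rsync connection attempt from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) \(\S+:\d+->\S+:(?P<dport>\d+)\)"
)
# Registries label fields differently (RIPE vs ARIN style); these are common ones.
CONTACT_RE = re.compile(
    r"^(?P<key>descr|netname|OrgName|abuse-mailbox|OrgAbuseEmail):\s*(?P<val>.+)$",
    re.I | re.M,
)

def summarize(lines):
    """Group connection attempts by source IP: count, first and last timestamp."""
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog lines are ignored
        rec = seen[m["src"]]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]
        rec["last"] = m["ts"]
    return dict(seen)

def parse_whois(text):
    """Pull owner and abuse-contact fields out of raw whois output."""
    out = {}
    for m in CONTACT_RE.finditer(text):
        out.setdefault(m["key"].lower(), m["val"].strip())  # keep first value per key
    return out

def lookup(ip):
    """Run the system whois client for one address (needs network access)."""
    res = subprocess.run(["whois", ip], capture_output=True, text=True, timeout=30)
    return parse_whois(res.stdout)

# Constructed sample input: the first line is from the thread, the rest are made up.
SAMPLE_LOG = [
    "Dec  6 00:20:01 rsync connection attempt from 217.21.40.1 (217.21.40.1:29558->x.x.x.x:873)",
    "Dec  6 00:20:09 rsync connection attempt from 217.21.40.1 (217.21.40.1:29561->x.x.x.x:873)",
    "Dec  6 00:31:44 rsync connection attempt from 192.0.2.77 (192.0.2.77:40112->x.x.x.x:873)",
    "Dec  6 00:32:00 sshd[411]: session opened for user backup",
]
# Constructed whois reply in a RIPE-style layout, not real registry data.
SAMPLE_WHOIS = "inetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET\ndescr: Example University\nabuse-mailbox: abuse@example.org\n"
```

Feeding `summarize()` the relevant syslog file and passing each source address to `lookup()` gives the per-network counts, time window and contact address that an abuse report needs.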


