
Re: NORMAL_ATTACK and HEAVY_ATTACK messages



>>>>> "DP" == Dan Pomohaci <dan@dpc.usab.ro> writes:

DP> Which program sends e-mail with these warnings in the Subject field:
DP> NORMAL_ATTACK from sandwich.math.unibuc.ro - target gw1.usab.ro
DP> or 
DP> HEAVY_ATTACK from sandwich.math.unibuc.ro - target gw1.usab.ro
DP> and how can I get more information about this attack? 

This is courtney.

Check the logfiles in /var/log. Especially auth.log, daemon.log, messages, 
syslog and setuid*

The mail you got also states the day and time, so you can easily extract
the proper entries.

If you see intrusion attempts (like attempts to access via rsh, rlogin, ftp,
telnet etc.) within a short time, this is an indicator of a portscanner
program like satan.

Inform the authorities (root@math.unibuc.ro and root@unibuc.ro should do
it) and send them the relevant parts of your logfile. If they don't react, 
you might want to add math.unibuc.ro to your /etc/hosts.deny. This will
prevent any contact from this domain to inetd services, but security comes 
first.

Ciao,
	Martin
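
The log check described in this message, as an added example that is not part of the original post: it pulls the entries for the reported source around the time stated in the alert mail and flags connections to several inetd services within a short span. The tcpd-style "connect from" log lines, the year, the thresholds and all function names are assumptions; the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style tcpd (TCP wrappers) writes to syslog.
SAMPLE_LOG = """\
Mar 12 14:03:21 gw1 in.telnetd[411]: connect from sandwich.math.unibuc.ro
Mar 12 14:03:22 gw1 in.ftpd[412]: connect from sandwich.math.unibuc.ro
Mar 12 14:03:22 gw1 in.rshd[413]: connect from sandwich.math.unibuc.ro
Mar 12 14:03:23 gw1 in.rlogind[414]: connect from sandwich.math.unibuc.ro
Mar 12 14:10:05 gw1 in.telnetd[420]: connect from host.example.org
Mar 12 16:45:00 gw1 in.ftpd[431]: connect from sandwich.math.unibuc.ro
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: "
                  r"(?:refused )?connect from (\S+)")

def parse(text, year=1998):
    """Yield (timestamp, service, source) per wrapper line.
    syslog lines carry no year, so `year` is an assumed value."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def probes_near(text, source, when, window=timedelta(minutes=5)):
    """Entries from `source` within `window` of the time stated in the mail."""
    return [(ts, svc) for ts, svc, src in parse(text)
            if src == source and abs(ts - when) <= window]

def looks_like_scan(entries, min_services=3, span=timedelta(seconds=60)):
    """True if `min_services` distinct services were contacted within `span`."""
    entries = sorted(entries)
    for i, (start, _) in enumerate(entries):
        services = {svc for ts, svc in entries[i:] if ts - start <= span}
        if len(services) >= min_services:
            return True
    return False

if __name__ == "__main__":
    alert_time = datetime(1998, 3, 12, 14, 3, 0)  # constructed alert time
    hits = probes_near(SAMPLE_LOG, "sandwich.math.unibuc.ro", alert_time)
    for ts, svc in hits:
        print(ts, svc)
    print("port scan pattern:", looks_like_scan(hits))
```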

