
Re: [cobalt-security] IP listed as restricted doing Whois from samspade.org



At 6/20/01 11:11 AM +1000, you wrote:
Thanks for the above URL, I ran another IP that FTP'd into my RAQ
(crc.xnet.ro[217.10.198.254]). It reports back with the below

As for your subject line, the only "restricted" mentions in the answer are:

* Rights restricted by copyright.

* Use of this information is restricted to Internet operational purposes; you may not use this data for targeted advertising or other purposes.

that bad part is I don't have any customers in Romania, so now I am on the
hunt to chase what they may have done in the 5 mins they were FTP'd in. How
do I tell what user they FTP in with? I know how to ps, ps aux, top, who etc.
But I am an amateur here and need all the help I can get.

/var/log/messages
/var/log/xferlog

Don't know much more to tell you.


--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx
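
An added example, not part of the original message: one way to pull the account name and transferred files for a single remote host out of the /var/log/xferlog file named in the reply. It assumes the standard whitespace-separated xferlog layout (remote host in field 7, username in field 14); the function names, the sample log lines, the account "exampleuser" and the paths are constructed for illustration.

```shell
#!/bin/sh
# Assumed xferlog layout (whitespace-separated):
#   1-5 date/time, 6 transfer time, 7 remote host, 8 bytes, 9 filename,
#   10 type, 11 flag, 12 direction, 13 access mode, 14 username, ...
# The host column holds a name or an IP depending on whether reverse DNS
# resolved, so both are matched.

# Constructed sample lines standing in for /var/log/xferlog.
sample_xferlog() {
cat <<'EOF'
Wed Jun 20 11:05:12 2001 3 crc.xnet.ro 48211 /home/exampleuser/upload.tgz b _ i r exampleuser ftp 0 * c
Wed Jun 20 11:06:40 2001 1 217.10.198.254 1024 /home/exampleuser/index.html a _ o r exampleuser ftp 0 * c
Wed Jun 20 11:07:02 2001 2 host.example.net 2048 /pub/readme.txt a _ o a guest@example.net ftp 0 * c
EOF
}

# Usage: xferlog_by_host HOSTNAME IP < logfile
# Prints one line per transfer made from that host.
xferlog_by_host() {
    awk -v h="$1" -v ip="$2" '
        BEGIN {
            d["i"] = "upload";    d["o"] = "download"; d["d"] = "delete"
            m["a"] = "anonymous"; m["g"] = "guest";    m["r"] = "real"
        }
        # Skip short or malformed lines; keep only the host of interest.
        NF >= 14 && ($7 == h || $7 == ip) {
            printf "%s %s %s %s user=%s mode=%s %s %s bytes=%s\n",
                $2, $3, $4, $5, $14,
                (($13 in m) ? m[$13] : $13),
                (($12 in d) ? d[$12] : $12), $9, $8
        }'
}

# Usage: xferlog_users HOSTNAME IP < logfile
# Prints the distinct account names that host transferred files as.
xferlog_users() {
    xferlog_by_host "$1" "$2" | awk '{ sub(/^user=/, "", $5); print $5 }' | sort -u
}

# Demo on the constructed sample.
sample_xferlog | xferlog_by_host crc.xnet.ro 217.10.198.254
```

On the server itself the input would be `< /var/log/xferlog` instead of the sample. xferlog records only file transfers, so a session that logged in and transferred nothing shows up only in /var/log/messages.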