[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] IP listed as restricted doing Whois from samspade.org
- Subject: Re: [cobalt-security] IP listed as restricted doing Whois from samspade.org
- From: "Rodolfo J. Paiz" <rpaiz@xxxxxxxxxxxxxx>
- Date: Wed, 20 Jun 2001 10:43:47 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 6/20/01 11:11 AM +1000, you wrote:
Thanks for the above URL, I ran another IP that FTP'd into my RAQ
(crc.xnet.ro[217.10.198.254]). It reports back with the below
As for your subject line, the only "restricted" mentions in the answer are:
* Rights restricted by copyright.
* Use of this information is restricted to Internetoperational purposes;
you may not use this data for targeted advertising or other purposes.
that bad part
is I don't have any customers in Romania, so now I am on the hunt to chase
what they may have done in the 5 mins they were FTP'd in. How do I tell what
user they FTP in with? I know how to ps, ps aux, top, who etc. But I am an
amateur here and need all the help I can get.
/var/log/messages
/var/log/xferlog
Don't know much more to tell you.
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx