[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: [cobalt-security] Should I be worried?
- Subject: SV: [cobalt-security] Should I be worried?
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Mon, 25 Jun 2001 16:35:36 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Yes You Should be worry if you had seen me question obout mystery zone
transfers from my cobalt to a Belgium IP. This should not been posible
becuse i have defined who can get nametransfers (only my other servers). And
why want a beligium server with our norwegian zones.?
The worst part for me and you, is that as you can see (in my zonetransfers)
your Ftp comes from the same IP as mine Zone tranfers. I think we here are
dealing with one who have a succsesfull hack recipe on cobalt raq4!! And is
atacking world-wide.
Kai Schantz
euroweb as
Norway
Jun 20 14:51:15 www named[555]: approved AXFR from
[212.68.195.60].2356 for
"cats.no"
Jun 20 14:51:15 www named[555]: zone transfer (AXFR) of "cats.no" (IN) to
[212.68.195.60].2356
Hello,
I have installed IPChains, Portsentry, Logcheck on my Raq 4 server. I am no
genious when it comes to security! Today I received the following with
Logcheck. I have no customers etc. in Belgium(be)!
Thanks,
Declan.
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jun 25 11:56:21 ns proftpd[14227]: 212.67.197.38
(212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
Jun 25 11:56:22 ns proftpd[14228]: ns.achieve-it.com
(212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security