[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>

Subject: Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
From: "Roy A. Urick" <roy.urick@xxxxxxxxxxxxxxxx>
Date: Tue, 25 Dec 2001 21:20:03 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I'd say step one is to contact compuserve with your logs in hand. I am sure
they have policies against such activities and can cancel the account. You
should be able to get it stopped at that end. With any luck, this bozo hasnt
had his pc hacked and its a zombie attack and is a poor innocent sucker.
Chances are he is since most serious hackers dont use compuserve or aohell
(in my experience, but there are exceptions).

Its a start. (and so far has worked for me every time when approaching the
sysadmins properly)


----- Original Message -----
From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Tuesday, December 25, 2001 8:25 PM
Subject: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>


> Hi yah,
>
> Can anyone tell me how to stop this idiot from scanning the servers, have
> changed the port of ssh a while back so I'm not fussed about the port 22
> scan and portsentry and IP Chains are doing their thing. But this is
> happening nearly every day now, has anyone else seen scans from this
> source...
>
> Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP
> address and port:
> 211.174.38.152 22   < ------  This IP Changes all the time
> Service:
> ssh              22/tcp    SSH Remote Login Protocol
> ssh              22/udp   SSH Remote Login Protocol
> #                 Si Becker <71362.22@xxxxxxxxxxxxxx>  <------- This is
> constant as is the ports being scanned
>
> The other thing is there a script or method of cleaning the host.deny file
> after a certain amount of days - the deny file is starting to get a bit
big
> now and I think I can recollect someone mentioning there was problems
after
> a certain amount of IP's got listed...could have picked that up wrong
though
> :>
>
> Hope everyone had a pleasant Xmas
>
> Regards form Auckland
>
> Chae
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

References:
- [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
  - From: Render-Vue

Prev by Date: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
Next by Date: Re: [cobalt-security] Backing Up
Previous by thread: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>
Next by thread: Re: [cobalt-security] Si Becker <71362.22@xxxxxxxxxxxxxx>

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index