[cobalt-security] RE: Si Becker <71362.22@xxxxxxxxxxxxxx>
- Subject: [cobalt-security] RE: Si Becker <71362.22@xxxxxxxxxxxxxx>
- From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
- Date: Thu, 27 Dec 2001 10:18:26 +1300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Yah,
Thanks for replies...
Did some more searching and the name/ID shown from CompuServe...Si Becker
<71362.22@xxxxxxxxxxxxxx>
it actually shows up here http://www.sockets.com/services.htm which lists
all standard ports used :-
smpte 420/tcp SMPTE
smpte 420/udp SMPTE
# Si Becker <71362.22@xxxxxxxxxxxxxx>
This is what I'm seeing on my logcheck reports...
Portsentry had an alert to ns.xxxxxxxxxxxxxxx.com from the following IP
address and port:
211.174.38.152 22 <------ NOTE: This IP changes all the time but port number stays the same
Service:
ssh 22/tcp SSH Remote Login Protocol
ssh 22/udp SSH Remote Login Protocol
# Si Becker <71362.22@xxxxxxxxxxxxxx> <------- This is constant
Every time I have one of these notifications the IP owners are notified along
with a copy sent to CompuServe, but with over 20 of these notifications
being sent out I haven't heard back from either CompuServe or any of the IP
owners' sys admins or ISPs - with doing the searching above I now think that
the signature may be bogus - don't know. Anyone else seen anything similar
before?
If I do add the IPs to say host.deny I know they may be spoofed, so is there
any script available for clearing the host.deny after a certain time period?
Regards from Auckland
Chae
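
One way to do the timed clean-up asked about above, as an added example that is not part of the original post: a shell function that drops dated entries from /etc/hosts.deny once they are older than a chosen age. The `# blocked-at <epoch>` marker line is an assumed convention that whatever adds the block must write, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): expire dated hosts.deny entries.
# Assumed convention: the tool that adds a block writes a marker line
#   # blocked-at <epoch-seconds>
# directly above the rule it adds (e.g. "ALL: 192.0.2.1"). Rules with no
# marker above them are treated as permanent and are never removed.

# expire_deny FILE MAX_AGE_SECONDS [NOW_EPOCH]
expire_deny() {
    file=$1
    max_age=$2
    now=${3:-$(date +%s)}
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v now="$now" -v max="$max_age" '
        # Marker: hold it back until the rule it dates has been seen.
        /^# blocked-at [0-9]+$/ {
            if (held != "") print held
            held = $0
            ts = $3
            next
        }
        # Rule directly below a marker: keep the pair only while still fresh.
        held != "" && /^[^#:]+:/ {
            if (now - ts <= max) {
                print held
                print
            }
            held = ""
            next
        }
        # Anything else passes through; an orphaned marker is kept as-is.
        {
            if (held != "") {
                print held
                held = ""
            }
            print
        }
        END { if (held != "") print held }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite contents in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Example cron usage after sourcing this file: expire_deny /etc/hosts.deny 86400
```

Because spoofed sources can get legitimate addresses blocked, a short maximum age limits how long such a block stays in place.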