[cobalt-security] Need some help on a Attack Alert and a response from the source please...
- From: "Chuck Lewis" <clewis@xxxxxxxxxx>
- Date: Tue, 10 Feb 2004 12:14:58 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Folks,
We got the following Friday:
leeqube2.leesupply.net 02/06/04:16.37 ACTIVE SYSTEM ATTACK!
Fri 2/6/2004 4:37 PM
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Connect from host: mx1.rosinstrument.com/217.21.36.42 to TCP port: 1080
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Host 217.21.36.42 has been blocked via wrappers with string: "ALL: 217.21.36.42"
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Host 217.21.36.42 has been blocked via dropped route using command: "/sbin/route add -host 217.21.36.42 reject"
So I went to 217.21.36.42 and actually got something! :-)
Found a contact link and emailed them about this, and I got the following back:
Hello Chuck,
It seems somebody in our network has a SOCKS proxy configured with your host.
Please inform me if such activity takes place again.
--
Best regards,
MVlad mailto:mvlad67@xxxxxxxxxxx
I have NO idea what it means and no idea how to respond to this person. Any
help would be GREATLY appreciated.
Thanks!
Chuck
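
Added example, not part of the original message: a small Python parser for the portsentry "attackalert" lines quoted above, grouping them by source IP and checking that each probing host received both block actions. The function names and the assumption that both the wrappers and dropped-route responses are configured are illustrative.

```python
import re
from collections import defaultdict

# The three alert lines from the message above, each on a single line.
SAMPLE_LOG = """\
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Connect from host: mx1.rosinstrument.com/217.21.36.42 to TCP port: 1080
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Host 217.21.36.42 has been blocked via wrappers with string: "ALL: 217.21.36.42"
Feb 6 16:35:19 leeqube2 portsentry[1068]: attackalert: Host 217.21.36.42 has been blocked via dropped route using command: "/sbin/route add -host 217.21.36.42 reject"
"""

# Syslog prefix: timestamp, reporting host, portsentry[pid], then the alert text.
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<sensor>\S+)"
                    r"\sportsentry\[\d+\]:\sattackalert:\s(?P<msg>.*)$")
CONNECT = re.compile(r"^Connect from host: (?P<name>[^/\s]+)/(?P<ip>\S+)"
                     r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)$")
BLOCKED = re.compile(r'^Host (?P<ip>\S+) has been blocked via '
                     r'(?P<how>wrappers|dropped route) .*?: "(?P<detail>.*)"$')

def summarize(log_text):
    """Group portsentry attackalert lines by source IP (hypothetical helper)."""
    hosts = defaultdict(lambda: {"names": set(), "probes": [], "blocks": {}})
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # not a portsentry attackalert line
        msg = m["msg"]
        if c := CONNECT.match(msg):
            entry = hosts[c["ip"]]
            entry["names"].add(c["name"])
            entry["probes"].append((m["ts"], c["proto"], int(c["port"])))
        elif b := BLOCKED.match(msg):
            # Record which response fired and the exact rule or command used.
            hosts[b["ip"]]["blocks"][b["how"]] = b["detail"]
    return dict(hosts)

def unblocked(summary, required=("wrappers", "dropped route")):
    """IPs that probed but lack a block action; assumes both are configured."""
    return sorted(ip for ip, h in summary.items()
                  if h["probes"] and any(r not in h["blocks"] for r in required))

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, info in report.items():
        print(ip, sorted(info["names"]), info["probes"], sorted(info["blocks"]))
    print("missing a block action:", unblocked(report))
```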