[21466] in North American Network Operators' Group
Re: Exodus / Clue problems
daemon@ATHENA.MIT.EDU (James McKenzie)
Sun Nov 15 20:05:33 1998
Date: Sun, 15 Nov 1998 16:50:08 -0800
To: nanog@merit.edu
From: James McKenzie <mcs@1ipnet.net>
In-Reply-To: <4.1.19981115182523.0505baa0@fire.starkreality.com>
Since this is an attack on name servers, I found the following
http://www.cert.org/summaries/CS-98.04.html it may or may not be relvent.
But it mentions IMAP, named and that attacks come from name servers that
have been comprimised.
James
At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote:
>Seeing it here, too.
>
>At 18:52 11/15/98 -0500, Daniel Senie wrote:
>>sigma@pair.com wrote:
>>>
>>> Let me guess - the IP is 209.67.50.254, and they're trying to login to
>>> nameservers as "root", sometimes a dozen times per second?
>>
>>I'm seeing that IP address trying to telnet into my name servers (don't
>>know if it's as root, since my filters are blocking them). I also see
>>them trying to access IMAP on my servers.
>>
>>Dan
>>
>>--
>>-----------------------------------------------------------------
>>Daniel Senie dts@senie.com
>>Amaranth Networks Inc. http://www.amaranthnetworks.com
>
>
>William S. Duncanson caesar@starkreality.com
>The driving force behind the NC is the belief that the companies who
brought us
>things like Unix, relational databases, and Windows can make an appliance
that
>is inexpensive and easy to use if they choose to do that. -- Scott Adams
>
>
James McKenzie
mcs@1ipnet.net
http://www.1ipnet.net
