[21502] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Exodus / Clue problems

daemon@ATHENA.MIT.EDU (Dan Hollis)
Mon Nov 16 02:20:53 1998

Date: Sun, 15 Nov 1998 17:06:31 -0800 (PST)
From: Dan Hollis <goemon@sasami.anime.net>
To: "William S. Duncanson" <caesar@starkreality.com>
cc: Daniel Senie <dts@senie.com>, nanog@merit.edu
In-Reply-To: <4.1.19981115182523.0505baa0@fire.starkreality.com>

On Sun, 15 Nov 1998, William S. Duncanson wrote:
> At 18:52 11/15/98 -0500, Daniel Senie wrote:
> >sigma@pair.com wrote:
> >> Let me guess - the IP is 209.67.50.254, and they're trying to login to
> >> nameservers as "root", sometimes a dozen times per second?
> >I'm seeing that IP address trying to telnet into my name servers (don't
> >know if it's as root, since my filters are blocking them). I also see
> >them trying to access IMAP on my servers.
> Seeing it here, too.

Seeing it here, on multiple machines, literally thousands of attempts:

Nov 15 14:05:50 server in.telnetd[4054]: connect from 209.67.50.254
Nov 15 14:05:50 server imapd[4055]: connect from 209.67.50.254

Nov 15 15:05:40 ns in.telnetd[26483]: refused connect from 209.67.50.254
Nov 15 15:05:40 ns in.telnetd[26484]: refused connect from 209.67.50.254

Nov 15 14:17:08 trap imapd[2330]: connect from 209.67.50.254
Nov 15 14:17:09 trap in.telnetd[2328]: refused connect from root@209.67.50.254

-Dan


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[21502] in North American Network Operators' Group

Re: Exodus / Clue problems

daemon@ATHENA.MIT.EDU (Dan Hollis)Mon Nov 16 02:20:53 1998

daemon@ATHENA.MIT.EDU (Dan Hollis)
Mon Nov 16 02:20:53 1998