[21598] in North American Network Operators' Group
Re: Exodus: this is bad
daemon@ATHENA.MIT.EDU (Takkala)
Mon Nov 16 23:58:17 1998
Date: Mon, 16 Nov 1998 23:25:05 -0500 (EST)
From: Takkala <takkala@netwave.ca>
To: nanog@merit.edu
In-Reply-To: <199811170124.UAA17738@mv.mv.com>
They went for our FreeBSD box too, and around the same time everyone else
is being scanned, I'm starting to think that this has got to be a worm.
Nov 16 16:08:31 ns1 telnetd[6355]: connect from mcserver.com
Nov 16 16:08:31 ns1 telnetd[6354]: connect from mcserver.com
On Mon, 16 Nov 1998, Robert C. Henney wrote:
> > On Mon, 16 Nov 1998, Brian wrote:
> >
> > > No, but I see stuff from this:
> > >
> > > Nov 16 15:14:34 venus in.telnetd[17889]: connect from 209.119.115.65
> > > Nov 16 15:14:35 venus in.telnetd[17890]: connect from 209.119.115.65
>
>
> Both of our BSDi nameservers as well. Just a while after your were hit.
> Definatly a pattern forming here.
>
> Nov 16 15:57:05 iron telnetd@ns1.mv.net[10984]: connect from 209.119.115.65
> Nov 16 15:57:06 iron telnetd@ns1.mv.net[10985]: connect from 209.119.115.65
>
> Nov 16 16:06:01 nickel telnetd@ns2.mv.net[1118]: connect from 209.119.115.65
> Nov 16 16:06:01 nickel telnetd@ns2.mv.net[1120]: connect from 209.119.115.65
>
>
>
> --
> Rob @ MV Staff
> robh@cs.mv.net
> (603) 629-0000
>
---------------------------------------------------------------------
Jari Takkala - <takkala@netwave> / <jtakkala@digital-network.net>
System Administrator - Digital-Network http://www.digital-network.net
---------------------------------------------------------------------
