Seeing it here, too.
At 18:52 11/15/98 -0500, Daniel Senie wrote:
sigma@pair.com wrote:
Let me guess - the IP is 209.67.50.254, and they're trying to login to nameservers as "root", sometimes a dozen times per second?
I'm seeing that IP address trying to telnet into my name servers (don't know if it's as root, since my filters are blocking them). I also see them trying to access IMAP on my servers.
Dan
-- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranthnetworks.com
William S. Duncanson caesar@starkreality.com The driving force behind the NC is the belief that the companies who brought us things like Unix, relational databases, and Windows can make an appliance
Since this is an attack on name servers, I found the following http://www.cert.org/summaries/CS-98.04.html it may or may not be relvent. But it mentions IMAP, named and that attacks come from name servers that have been comprimised. James At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote: that
is inexpensive and easy to use if they choose to do that. -- Scott Adams
James McKenzie mcs@1ipnet.net http://www.1ipnet.net