They went for our FreeBSD box too, and around the same time everyone else is being scanned, I'm starting to think that this has got to be a worm. Nov 16 16:08:31 ns1 telnetd[6355]: connect from mcserver.com Nov 16 16:08:31 ns1 telnetd[6354]: connect from mcserver.com On Mon, 16 Nov 1998, Robert C. Henney wrote:
On Mon, 16 Nov 1998, Brian wrote:
No, but I see stuff from this:
Nov 16 15:14:34 venus in.telnetd[17889]: connect from 209.119.115.65 Nov 16 15:14:35 venus in.telnetd[17890]: connect from 209.119.115.65
Both of our BSDi nameservers as well. Just a while after your were hit. Definatly a pattern forming here.
Nov 16 15:57:05 iron telnetd@ns1.mv.net[10984]: connect from 209.119.115.65 Nov 16 15:57:06 iron telnetd@ns1.mv.net[10985]: connect from 209.119.115.65
Nov 16 16:06:01 nickel telnetd@ns2.mv.net[1118]: connect from 209.119.115.65 Nov 16 16:06:01 nickel telnetd@ns2.mv.net[1120]: connect from 209.119.115.65
-- Rob @ MV Staff robh@cs.mv.net (603) 629-0000
--------------------------------------------------------------------- Jari Takkala - <takkala@netwave> / <jtakkala@digital-network.net> System Administrator - Digital-Network http://www.digital-network.net ---------------------------------------------------------------------