Subject: How to deal with intruder?
From: Chutima S. (chutima_szdnetonebox.com)
Date: Sun Apr 02 2000 - 23:54:52 CDT


Dear all,

I'm a new Internet admin. I found in the routine security check output that
many people try to connect to my server:

Mar 3 18:56:45 mail inetd[2409]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 18:58:05 mail inetd[2411]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service tcpd (tcp)
Mar 3 18:59:11 mail inetd[2412]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:01:38 mail inetd[2426]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:11:32 mail inetd[2439]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 3 19:21:33 mail inetd[2451]: refused connection from p62-bkkSP1.C.loxinfo.net.th, service popper (tcp)
Mar 17 12:48:14 mail inetd[32549]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 17 12:48:16 mail inetd[32551]: refused connection from 210.71.232.99, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34770]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34771]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34772]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34773]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:27 mail inetd[34775]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Mar 18 10:41:41 mail inetd[34777]: refused connection from l238ppp099.ksc.net.th, service tcpd (tcp)
Apr 2 14:48:11 mail inetd[69483]: refused connection from root203.107.227.2, service tcpd (tcp)
Apr 2 14:48:11 mail inetd[69484]: refused connection from root203.107.227.2, service tcpd (tcp)

That really scares me!!! I don't know how to deal with them. So I want
your advice on:
1. Should I try to contact anybody (admin at those servers)?
2. How can I trace them back to know who they are?
 
Thank you,

-- 
Chutima Subsirin
chutima_szdnetonebox.com - email


To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message
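
A triage sketch for log entries of the kind quoted in the message, added here as an example and not part of the original post: it groups the inetd "refused connection" entries by source so each host's attempt count, services, time span and tightest burst can be read at a glance before deciding whom to contact. The function name `summarize`, the year 2000 (syslog stamps carry no year) and the 60-second burst window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample built from entries in the message; lines are folded the
# way mail clients often wrap long log lines.
SAMPLE = """\
Mar 3 18:56:45 mail inetd[2409]: refused connection from p62-bkkSP1.C.loxinfo.net.th,
service popper (tcp)
Mar 3 18:58:05 mail inetd[2411]: refused connection from p62-bkkSP1.C.loxinfo.net.th,
service tcpd (tcp)
Mar 17 12:48:14 mail inetd[32549]: refused connection from 210.71.232.99,
service tcpd (tcp)
Mar 17 12:48:16 mail inetd[32551]: refused connection from 210.71.232.99,
service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34770]: refused connection from l238ppp099.ksc.net.th,
service tcpd (tcp)
Mar 18 10:40:24 mail inetd[34771]: refused connection from l238ppp099.ksc.net.th,
service tcpd (tcp)
"""

# \s+ also matches a newline, so folded and unfolded entries both parse.
ENTRY = re.compile(
    r"(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+inetd\[\d+\]:\s+"
    r"refused connection from\s+(\S+?),\s+service\s+(\S+)\s+\(\w+\)")

def summarize(text, year=2000, burst_window=60):
    """Group refused connections by source host (year is an assumption)."""
    seen = defaultdict(list)
    for stamp, source, service in ENTRY.findall(text):
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        seen[source].append((when, service))
    report = {}
    for source, hits in seen.items():
        times = sorted(t for t, _ in hits)
        # Largest number of attempts inside any burst_window seconds.
        burst = max(sum((u - t).total_seconds() <= burst_window for u in times[i:])
                    for i, t in enumerate(times))
        report[source] = {"attempts": len(hits),
                          "services": sorted({s for _, s in hits}),
                          "first": times[0], "last": times[-1],
                          "max_burst": burst}
    return report

if __name__ == "__main__":
    for src, r in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{src:30} {r['attempts']} attempts, max burst {r['max_burst']}, "
              f"{r['first']:%b %d %H:%M} to {r['last']:%b %d %H:%M}, {','.join(r['services'])}")
```

The first and last timestamps per source are the details an abuse contact at the originating provider needs to match a dial-up address to a customer session.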