Subject: Re: cybercop scan from 202.106.149.47
From: Robert Watson (rwatson freebsd.org)
Date: Sat Jun 10 2000 - 10:20:28 CDT
- Next message: Alexandre Snarskii: "Re: libsafe"
- Previous message: Darren Reed: "Re: cybercop scan from 202.106.149.47"
- In reply to: Darren Reed: "cybercop scan from 202.106.149.47"
- Reply: Robert Watson: "Re: cybercop scan from 202.106.149.47"

On Sat, 10 Jun 2000, Darren Reed wrote:

> did anyone else get that syslog message ?

NAI's vulnerability scanner, CyberCop, will notify the machine being
scanned that the scanning is occurring. When doing so, it chooses a level
of emerg, resulting in syslogd sending the message to all users. In
recent versions of FreeBSD, I believe the default arguments to syslogd
cause it to ignore network-sourced syslog packets (-s?). For whatever
reason, freefall's /etc has not been updated to do that.

It sounds like someone grabbed a copy of CyberCop and is using it to scan
for potential targets, not knowing that it causes bright lights to flash
:-). There should also be lots of other evidence of the scan in the
system logs.

Robert N M Watson

robert fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
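
An added example, not part of the original message: a small Python check that decodes the `<PRI>` header of BSD syslog datagrams and flags those that arrive from a non-local source at severity emerg, the combination the message above describes. The function names, the sample packets and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# BSD syslog severities, indexed by PRI & 7; index 0 is "emerg".
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
LOCAL_SOURCES = {"127.0.0.1", "::1"}
MAX_PRI = 23 * 8 + 7  # highest facility (23) combined with lowest severity (7)


def decode_pri(datagram):
    """Return (facility, severity_name) from the leading <PRI>, or None if absent or out of range."""
    m = PRI_RE.match(datagram)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None
    return pri >> 3, SEVERITIES[pri & 7]


def remote_emerg(packets):
    """packets: iterable of (source_ip, datagram). Return (source_ip, facility) for
    every emerg-level message that did not originate on the local host."""
    hits = []
    for src, datagram in packets:
        decoded = decode_pri(datagram)
        if decoded and decoded[1] == "emerg" and src not in LOCAL_SOURCES:
            hits.append((src, decoded[0]))
    return hits


# Constructed sample traffic (documentation addresses, invented message text).
SAMPLE = [
    ("192.0.2.10", b"<0>scanner: this host is being scanned"),  # facility 0, emerg
    ("192.0.2.10", b"<14>app: routine message"),                # facility 1, info
    ("127.0.0.1", b"<0>kernel: local emergency"),               # emerg, but local
    ("192.0.2.77", b"<8>tool: notice at emerg level"),          # facility 1, emerg
    ("192.0.2.77", b"no priority header"),                      # malformed
    ("192.0.2.77", b"<999>bogus priority"),                     # PRI out of range
]

if __name__ == "__main__":
    for src, facility in remote_emerg(SAMPLE):
        print(f"remote emerg from {src} (facility {facility})")
```
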