[lug] What do you do about hackers (in the current sense of uninvited obnoxious intruders)

D. Stimits stimits at idcomm.com
Sat Apr 13 13:59:17 MDT 2002


Paul Bille wrote:
> 
> > Send log copies, along with some note on your time zone settings and IP
> address at the time of attack, to the d.kaufmann at t-online.net.
> 
> Dan,
> 
> Good advice.  I sent logs, IP, time zone to the domain administrator.  I
> hope they act on the info.  It's not unusual for me to see
> winnt/system32/cmd.exe probes but this attacker ran 89 probes in the minute
> or two that he was coming at me from that IP.

FYI, cmd.exe on windows is very similar to trying to feed a command to a
shell interpreter on linux. Seeing an attempt to cause a windows web
server to access that directly is a virtually guaranteed crack attempt,
very undeniable that it goes beyond port scanning.

D. Stimits, stimits at idcomm.com

> 
> Thanks,
> Paul
> http://bille.cudenver.edu/author
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



More information about the LUG mailing list