[lug] Hacking through dump?

Hugh Brown hugh at math.byu.edu
Mon Jul 17 08:15:13 MDT 2000


I would guess that someone was trying to hack.  There isn't any reason
anything should be trying to contact dump remotely, unless you are using
dump to back up these hosts (not likely since you didn't recognize these
IPs).  Dump has had some security exploits in the past.  You might want
to make sure that host.deny is active and well.

Hugh


Chip Atkinson wrote:
> 
> Greetings,
> 
> I have been looking through my logs and saw a couple attempts to connect
> to dump() in them:
> 
> Jul 15 14:12:01 localhost portmap[24541]: connect from 209.113.108.66 to
> dump(): request from unauthorized host
> Jul 15 14:42:37 localhost portmap[25179]: connect from 202.47.250.70 to
> dump(): request from unauthorized host
> 
> Oddly enough, dump doesn't occur in syslog.conf or inetd.conf.   Does
> anyone know if this is a hacking attempt?  It appears that the 209 address
> has a static IP, while the 202 address has a dynamic IP, or at least
> nslookup indicates that.
> 
> Thanks in advance,
> Chip
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
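
An added example, not part of either message: a short Python parser for the portmap refusal lines quoted above, which groups the refused calls by source address so that repeat probes stand out. The function names, the last two sample lines, and the assumption that a program name can appear inside the parentheses are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format as it appears in the post:
#   <date> <host> portmap[<pid>]: connect from <ip> to <proc>(<prog>): <reason>
STAMP = r"\w{3}\s+\d+\s[\d:]{8}"
LINE_RE = re.compile(
    r"^(?P<ts>" + STAMP + r")\s\S+\sportmap\[\d+\]:\s"
    r"connect from (?P<src>\S+) to (?P<proc>\w+)\((?P<prog>[^)]*)\): (?P<reason>.+)$"
)

# First two entries are the lines quoted in the post, still mail-wrapped and
# '>'-quoted; the last two are constructed for this example.
SAMPLE = """\
> Jul 15 14:12:01 localhost portmap[24541]: connect from 209.113.108.66 to
> dump(): request from unauthorized host
> Jul 15 14:42:37 localhost portmap[25179]: connect from 202.47.250.70 to
> dump(): request from unauthorized host
Jul 15 15:03:09 localhost portmap[25301]: connect from 192.0.2.10 to getport(nfs): request from unauthorized host
Jul 15 15:04:00 localhost sshd[25310]: Accepted password for alice from 192.0.2.20
"""

def unwrap(text):
    """Strip '>' quote marks and rejoin entries that mail wrapping split."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if re.match(STAMP + r"\s", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def refused_by_source(text):
    """Map each remote address to the (time, procedure, program) calls portmap refused."""
    hits = defaultdict(list)
    for entry in unwrap(text):
        m = LINE_RE.match(entry)
        if m and "unauthorized host" in m["reason"]:
            hits[m["src"]].append((m["ts"], m["proc"], m["prog"]))
    return dict(hits)

if __name__ == "__main__":
    for src, calls in refused_by_source(SAMPLE).items():
        for ts, proc, prog in calls:
            print(f"{ts}  {src:<16} {proc}({prog})")
```

The name before the parentheses is the portmapper procedure the remote host called; `dump` is the procedure `rpcinfo -p` uses to list the RPC services registered on a host.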




