[lug] What do you do about hackers (in the current sense of uninvited obnoxious intruders)
D. Stimits
stimits at idcomm.com
Sat Apr 13 13:59:17 MDT 2002
Paul Bille wrote:
>
> > Send log copies, along with some note on your time zone settings and IP
> address at the time of attack, to the d.kaufmann at t-online.net.
>
> Dan,
>
> Good advice. I sent logs, IP, time zone to the domain administrator. I
> hope they act on the info. It's not unusual for me to see
> winnt/system32/cmd.exe probes but this attacker ran 89 probes in the minute
> or two that he was coming at me from that IP.
FYI, cmd.exe on windows is very similar to trying to feed a command to a
shell interpreter on linux. Seeing an attempt to cause a windows web
server to access that directly is a virtually guaranteed crack attempt,
very undeniable that it goes beyond port scanning.
D. Stimits, stimits at idcomm.com
>
> Thanks,
> Paul
> http://bille.cudenver.edu/author
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG
mailing list