Could someone help me out with this? I have responded by knocking out imap, but there may be other avenues, or it may be an innocent thing. This is what I have in my log:

Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]

What other measures should I take?

Noah ksemat@eahd.or.ug
You, ksemat@wawa.eahd.or.ug, wrote:
Could someone help me out with this? I have responded by knocking out imap, but there may be other avenues, or it may be an innocent thing. This is what I have in my log:

Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]

What other measures should I take?

It's an attempt, not a successful break-in.
The attacking machine is in Spain, so you should inform the IRIS CERT
Hi Noah,
Improve on the experience, it is a very interesting occasion.
Apart from personal experience you will help clean garbage people from The Net.
Follow Stefan A. Muehlenweg's advice.
Do forward incident to "IRIS-CERT" at:
mailto:cert@rediris.es
You can find the "IRIS-CERT RedIRIS Computer Emergency Response Team" at:
Spanish URL: http://www.rediris.es/cert/contact.es.html
English URL: http://www.rediris.es/cert/contact.en.html
Do state "ALERT - System break-in attempt from jet.es", and send them the log
attached and short description, tell them also to give you support and news till
end.
They will coordinate incident with Jet Spain ISP, and probably find out who was at
the time connected with this dynamic IP lease at the moment of this indecent
incident.
Here in Spain we have strict rules about these kinds of acts.
I, Spanish, am ashamed of them, as I am of today's and continuous ETA bombings here
in Madrid.
Maybe it will be that they get their net connection canceled by the ISP and
also have a strong fine.
Stupid people, do they not know we are all connected, informed and well behaved??
If this incident is kept in the dark they will think they do no harm, that there
are only computers on the other end, and they will try and try again not only with
you but with a lot of others, they think it is only for fun, but they will have a
good surprise!!
On the other hand, if they want/need experience with security/break-ins, why do they not
arrange a small group and test and try to break in among themselves??
Please, do not leave it alone, ACT ASAP.
Do not worry if you have a small setup, those are the ones that need more attention,
and nobody really needs to know, the important thing is the fact.
Spanish IRIS-CERT people are cool and professional, I know them personally, but take
into account that we are now in August and at this time response can be slow, many
of them are on holidays now.
If you need help with the process do not hesitate to tell me, I'm willing to help
you.
PS: Noah, why do you not complete your _from_ mail info with your complete name, now
you are only reflecting "
--
HTH
Best regards,
Eduardo Carriles
[-- Better a smile than a flame --]
(Long time SuSE-Linux [preferred distro] user).
[-- Se me nota mucho? -- Notices me much?]
[-- Have a lot of fun...]
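Added example, not part of any poster's message: one way to turn imapd lines like the one quoted in this thread into an evidence summary for the report to a CERT. The function names, the constructed sample lines, and the year and UTC offset passed in are assumptions; syslog lines in this format carry neither a year nor a time zone, and the remote ISP needs both to match a dynamic IP lease to a customer.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# imapd message format as shown in the log line quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ imapd\[\d+\]: "
    r"System break-in attempt, host=(?P<name>\S+) \[(?P<ip>[\d.]+)\]")

def summarize(lines, year, utc_offset_hours):
    """Group break-in-attempt lines by source IP.

    Classic syslog timestamps carry no year or time zone, so the caller
    supplies both (assumptions): an ISP needs an unambiguous time to map
    a dynamic IP lease to a customer.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    by_ip = defaultdict(list)
    for raw in (l.strip() for l in lines):
        m = LINE_RE.match(raw)
        if not m:
            continue  # unrelated log entry
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        by_ip[m["ip"]].append((when.replace(tzinfo=tz), m["name"], raw))
    return by_ip

def report(by_ip):
    """Render a plain-text evidence summary to paste into the report mail."""
    out = []
    for ip, hits in sorted(by_ip.items()):
        hits.sort(key=lambda h: h[0])
        names = ", ".join(sorted({h[1] for h in hits}))
        out.append(f"Source {ip} ({names}): {len(hits)} attempt(s)")
        out.append(f"  first: {hits[0][0].isoformat()}")
        out.append(f"  last:  {hits[-1][0].isoformat()}")
        out.extend(f"  raw: {h[2]}" for h in hits)
    return "\n".join(out)

SAMPLE = [
    # First line is the one from the thread; the rest are constructed.
    "Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]",
    "Aug  6 15:47:10 alpha imapd[27650]: System break-in attempt, host=infon819.jet.es [195.55.159.51]",
    "Aug  6 15:50:00 alpha named[101]: constructed unrelated entry",
    "Aug  7 02:13:55 alpha imapd[28001]: System break-in attempt, host=host.example.net [192.0.2.77]",
]

if __name__ == "__main__":
    # year=2000 and UTC+3 are constructed placeholders; use the server's real values.
    print(report(summarize(SAMPLE, year=2000, utc_offset_hours=3)))
```

Keeping the raw lines in the summary lets the receiving team verify the parsed times against the original log text.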