Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] Somebody has tried to break in. What to do with him?
  • From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
  • Date: Fri, 4 Jan 2002 14:02:07 -0700
  • Message-id: <012101c19563$12080160$6400030a@xxxxxxxxxxxx>
Actually most scans are no longer forged, the level of "noise" from script
kiddies/etc is amazing, you get broadband at home, you too can be a 'leet
uber-cracker and scan a million hosts in <1 hour. Reporting rarely works,
although if more people reported it might, something I am working on.


Kurt Seifried, kurt@xxxxxxxxxxxx
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/


----- Original Message -----
From: "Douglas Trainor" <trainor@xxxxxxx>
To: <alexeys@xxxxxxxxxxxxx>
Cc: <suse-security@xxxxxxx>
Sent: Friday, January 04, 2002 1:38 PM
Subject: Re: [suse-security] Somebody has tried to break in. What to do with him?


> You may have a full-time job in the future doing just reporting!
>
> It's somewhat likely that anyone scanning like that would forge the IP address...
>
> douglas
>
> alexeys@xxxxxxxxxxxxx wrote:
>
> > Hello,
> >
> > look at the log. Is there a way to report on that guy?
> >
> > - Alexey.
> >
> > 139.130.148.203 - - [03/Jan/2002:11:45:17 -0800] "HEAD /....../etc/hosts HTTP/1.1" 404 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:45:16 -0800] "HEAD /../../../../etc/hosts HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:36:02 -0800] "HEAD /cgi-bin/shop.cgi/page=../../../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:30:22 -0800] "HEAD /../../passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:30:19 -0800] "HEAD /../../passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:30:16 -0800] "HEAD /../../../etc/passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:30:13 -0800] "HEAD /../../../../etc/passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> > 139.130.148.203 - - [03/Jan/2002:11:30:10 -0800] "HEAD /../../etc/passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"
> >
> > { http://trelony.cjb.net/ } Alexey N. Solofnenko
> > { http://www.inventigo.com/ } Inventigo LLC
> > Pleasant Hill, CA (GMT-8 usually)
> >
> > -------------------------------------------------
> > This mail sent through IMP: https://mail.inventigo.com/horde/imp/
> >
> > --
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
>
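
As an added example, not part of the original thread: a Python script that turns the quoted access-log excerpt into the per-source summary an abuse report needs (probe count, first and last timestamp, targets, response codes). The first four sample lines are taken from the post above, unwrapped; the 192.0.2.10 line is constructed, and the function names and the traversal pattern are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+')
# ".." as a whole path segment (also right after "="), or a run of 4+ dots
TRAVERSAL_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)|\.{4,}')

# Lines 1-4 come from the post (unwrapped); line 5 is constructed benign traffic.
SAMPLE = [
    '139.130.148.203 - - [03/Jan/2002:11:45:17 -0800] "HEAD /....../etc/hosts HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '139.130.148.203 - - [03/Jan/2002:11:36:02 -0800] "HEAD /cgi-bin/shop.cgi/page=../../../../etc/passwd HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '139.130.148.203 - - [03/Jan/2002:11:30:19 -0800] "HEAD /../../passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
    '139.130.148.203 - - [03/Jan/2002:11:30:10 -0800] "HEAD /../../etc/passwd HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [03/Jan/2002:11:31:00 -0800] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def is_traversal(target):
    # Decode twice so %2e%2e and %252e%252e are both seen as ".."
    return bool(TRAVERSAL_RE.search(unquote(unquote(target))))

def summarize(lines):
    """Group traversal probes by source host for an abuse report."""
    report = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                  "targets": set(), "statuses": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue  # unparseable line or not a traversal probe
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        r = report[m["host"]]
        r["count"] += 1
        r["first"] = ts if r["first"] is None else min(r["first"], ts)
        r["last"] = ts if r["last"] is None else max(r["last"], ts)
        r["targets"].add(m["target"])
        r["statuses"].add(int(m["status"]))
    return dict(report)

if __name__ == "__main__":
    for host, r in summarize(SAMPLE).items():
        print(host, r["count"], "probes", r["first"].isoformat(), "to",
              r["last"].isoformat(), "statuses", sorted(r["statuses"]))
```

Every probe in the excerpt was answered with 400 or 404, so the summary records attempts rather than a successful read; timestamps keep their UTC offset so the recipient of a report can correlate them with their own logs.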

