On Thu, 6 Jul 2000, "Ray Bowles" <[EMAIL PROTECTED]> wrote:
> I too have had some sort of connection:
> Jul 3 19:56:47 localhost in.ftpd[16221]: connect from 24.112.52.123
> Name: cr444296-c.lndn1.on.wave.home.com
> Address: 24.112.52.123
>
> What else can I do to track this person down? I need telnet open on my
> system for administration reasons.
You might want to consider ssh.
Or run telnet on a high port (e.g. 61352) to at least avoid the script
kiddies scans.
> They are running Caldera OpenLinux and
> Apache. They too are running telnet
> Ray
Best I think you can do is send the evidence to [EMAIL PROTECTED]
Most likely the guy on that machine has been hacked and the hacker is
using that machine for further scans and exploits. Since he has
telnet and other stuff open, reasonable to assume he has been hacked.
If you could get the email address of the user somehow, you could warn
him that he has been hacked (assuming [EMAIL PROTECTED] doesn't do this
for you).
Karl Runge
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
