[LIH] Re: unauthorized access attempt - portscan

[Suresh Ramasubramanian]

Krishna Rao SN saw fit to inform LI that: 

>I have received an email with the following:
>Portscans of port 111 (portmap) have been detected and logged to this
>computer and this network from mail.mydomain.com, xxx.xxx.xxx.xxx Please
>take appropriate action to ensure this action ceases ASAP.

See the reports and match them with your logs.  Find out which box this is
coming from.

Either one of your employees is trying some hacking tricks, or one of your
older boxes has been compromised (rooted) by some hacker and he is using
your network to launch portscans and hack into other machines.  Or maybe
you have something like Back Orifice, Trin00, Stacheldracht etc infesting
your system.

Find which server / which employee and disconnect it or him ASAP.  Upgrade
it or clean it of trojans.  Watch your logs for suspicious activity and
maintain a good firewall.

-suresh


-----------------------------------------------------------------------
The LIH mailing list archives are available at:
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help