Hi Suresh,
I am new to Linux. Kindly tell me which report/log files to check & where it is
located?
It is urgent. May be someone is using my system to portscans of port 111.
Thanks in advance
Krishna Rao
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Suresh
Ramasubramanian
Sent: Monday, June 05, 2000 1:27 PM
To: Krishna Rao SN
Cc: Linux-India-Help@Lists. Linux-India. Org
Subject: [LIH] Re: unauthorized access attempt - portscan
Krishna Rao SN saw fit to inform LI that:
>I have received an email with the following:
>Portscans of port 111 (portmap) have been detected and logged to this
>computer and this network from mail.mydomain.com, xxx.xxx.xxx.xxx Please
>take appropriate action to ensure this action ceases ASAP.
See the reports and match them with your logs. Find out which box this is
coming from.
Either one of your employees is trying some hacking tricks, or one of your
older boxes has been compromised (rooted) by some hacker and he is using
your network to launch portscans and hack into other machines. Or maybe
you have something like Back Orifice, Trin00, Stacheldracht etc infesting
your system.
Find which server / which employee and disconnect it or him ASAP. Upgrade
it or clean it of trojans. Watch your logs for suspicious activity and
maintain a good firewall.
-suresh
-----------------------------------------------------------------------
The LIH mailing list archives are available at:
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help-----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/
