I just thought I would send a note to the list alerting people that on the
evening of Feb. 1 and the morning of Feb. 2, what appears to be a fairly
broad port scan occurred. The originating address is
ip115.nashville.tn.pub-ip.psi.net, or ip address 38.11.240.115
Our unix servers at work were scanned for the ancient (but still
problematic) phf bug, as well as for promiscuous NFS servers. Our phf
binary, which acts as a dummy, got this person's attention enough that when
the evening scan (about 11pm) showed a working binary, they connected again
early in the morning (about 5am) trying to actually access our password file.
In addition, my home machine was scanned at ports ranging from www to pop
and imap.
Anyway, I thought I would pass along the info and encourage people to look
at their logs and systems for strangeness.
--
Public key at www-swiss.ai.mit.edu | Shane Williams
/~bal/pks-toplev.html | Systems Administrator UT-GSLIS
=----------------------------------+-------------------------------
All syllogisms contain three lines | [EMAIL PROTECTED]
Therefore this is not a syllogism | www.gslis.utexas.edu/~shanew
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
