System log for www.io.utexas.edu:
6:47 PM 5/6/98 128.83.223.57 [EMAIL PROTECTED]
6:47 PM 5/6/98 128.83.223.57 [EMAIL PROTECTED]
I have a feeling this utnetcensus entry indicates this is UT's way to
enforce their prohibition of warez servers and such.....they're probably
checking for anonymous ftp servers with write access in an automated
fashion. I'm showing similar entries in all logs for international office
computers running ftp or web servers. krosis.csres.utexas.edu (the ACM
office computer) also has similar log entries. Not sure why they'd be
the web servers; maybe they're using this for statistics purposes too.
This is not the first time I've noticed this, BTW; I believe this is
something they do on a regular basis.
-Stian
On Thu, 7 May 1998 [EMAIL PROTECTED] wrote:
> I also noticed the following in my syslog this morning. My clock is not
> very accurate, so the date and times are a little off.
>
> May 7 01:57:03 kramer wu.ftpd[5881]: connect from 128.83.223.57
> May 7 01:57:03 kramer ftpd[5881]: SYST
> May 7 01:57:07 kramer ftpd[5881]: FTP session closed
> May 7 01:57:10 kramer in.telnetd[5883]: connect from 128.83.223.57
>
> I've also noticed someone from zarniwoop.ots in my httpd log a few
> times...
>
> zarniwoop.ots.utexas.edu - - [07/May/1998:01:57:07 +0000] "GET / HTTP/1.1"
> 200 2
>
>
> It looks like someone wrote a nice little port scanner... Anyone else
> seen anything similar?
>
> Brian Vandiver
>
>
>
> >
> > Was anyone in ots running some sort of test yesterday on computers
> > attached to telesys?
> >
> > I was logged on yesterday afternoon/evening and noticed in the "secure"
> > log in linux that someone tried ftping to the IP address allocated to my
> > machine by telesys and, a few seconds later, tried telnetting to the same
> > address. The ftp and telnet ttempts were made at 18:50, and 21:30
> > yesterday.
> >
> > I wouldn't think anything about it, but a co-worker told me this morning
> > that someone tried anonymously ftping to her mac yesterday afternoon as
> > well.
> >
> > The attempts were made from a mac called zarniwoop.ots.utexas.edu
> > (128.83.223.57). Was anyone else affected?
> >
> >
> > ********************************************************************
> > Marty Combs Was das ist, ist verursacht
> > ACITS, (E26 2.316) durch das was war,
> > The University of Texas und das, was sein wird,
> > Austin, TX 78712 hat das was ist zur Ursache.
> >
> > Tel: 512-232-3521 -Reme der Gourmont
> > ********************************************************************
> >
> > ---------------------------------------------------------------------------
> > Send administrative requests to [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------------
> Send administrative requests to [EMAIL PROTECTED]
>
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
