Security Incidents mailing list archives
Korea (was RE: ?)
From: fernando () BN PT (Fernando Cardoso)
Date: Wed, 26 Jan 2000 19:52:33 -0000
I have LOTS of portscanning (mostly to port 111) from a number of hosts in Korea. I portscanned them back and find out that at least a couple of them had port 2222 open. A telnet to that port droped me in a rootshell without being asked for any password.... Fernando
-----Original Message----- From: Adam Boileau [mailto:adam.boileau () STAFF IHUG CO NZ] Sent: quarta-feira, 26 de Janeiro de 2000 9:15 To: INCIDENTS () SECURITYFOCUS COM Subject: Re: ? On Mon, 24 Jan 2000, C. wrote:Jan 22 16:48:53 main named[102]: unapproved AXFR from [210.179.238.50].4721 for "here.my.domain" (acl)You too huh? - Logs are in NZDT (GMT+13) Jan 23 15:49:19 eye named[111]: unapproved AXFR from [210.113.215.106].1458 for "a.domain.wot.this.box.know.about" (acl) Jan 23 17:58:32 eye named[111]: unapproved AXFR from [210.113.215.106].2174 for "another.different.domain" (acl) Jan 23 18:06:47 eye named[111]: unapproved AXFR from [210.113.215.106].2518 for "and.one.I.only.registered.the.other.day" (acl) That's funny. Both from Korea. I guess there's lots of people in Korea, but still. Funny. --- Adam Systems Programmer Ihug - www.ihug.co.nz
Current thread:
- BOGUS.IvCD File, (continued)
- BOGUS.IvCD File Jonathan A. Zdziarski (Jan 26)
- Re: BOGUS.IvCD File Vanja Hrustic (Jan 27)
- Re: PC Anywhere client seems to probe class C of connected networks Robert Graham (Jan 26)
- Probes to tcp 2766 ('System V Listner') Russell Fulton (Jan 26)
- Re: No Idea Paul L Schmehl (Jan 25)
- Re: No Idea Robert Graham (Jan 25)
- Possible Probe = Possible Malfunction Ron Gula (Jan 25)
- Possible attemt at hacking? Geir A. Bjune (Jan 25)
- Re: Possible attemt at hacking? Brendan Grieve (Jan 27)
- Re: ? Adam Boileau (Jan 25)
- Korea (was RE: ?) Fernando Cardoso (Jan 26)
- Strange DNS/TCP activity Pavel Kankovsky (Jan 26)
- Re: Strange DNS/TCP activity Asmodeus (Jan 27)
- Re: Strange DNS/TCP activity Roy Pait (Jan 27)
- port 768 Guido A.J. Stevens (Jan 27)
- Re: port 768 Robert Graham (Jan 27)
- Re: Strange DNS/TCP activity technot (Jan 27)
- Re: Strange DNS/TCP activity Richard Bejtlich (Jan 27)
- Connect thru PIX & ports 1727, 2209, 9200 CL: Nelson, Jeff (Jan 27)
- Re: Korea (again) Kim R. Rasmussen (Jan 26)
- Re: Korea (again) zeek (Jan 27)