Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Korea (was RE: ?)

From: fernando () BN PT (Fernando Cardoso)
Date: Wed, 26 Jan 2000 19:52:33 -0000

I have LOTS of portscanning (mostly to port 111) from a number of hosts
in Korea. I portscanned them back and find out that at least a couple of
them had port 2222 open. A telnet to that port droped me in a rootshell
without being asked for any password....

Fernando


-----Original Message-----
From: Adam Boileau [mailto:adam.boileau () STAFF IHUG CO NZ]
Sent: quarta-feira, 26 de Janeiro de 2000 9:15
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: ?


On Mon, 24 Jan 2000, C. wrote:


Jan 22 16:48:53 main named[102]: unapproved AXFR from
[210.179.238.50].4721 for "here.my.domain" (acl)



You too huh? - Logs are in NZDT (GMT+13)

Jan 23 15:49:19 eye named[111]: unapproved AXFR from
[210.113.215.106].1458 for "a.domain.wot.this.box.know.about" (acl)

Jan 23 17:58:32 eye named[111]: unapproved AXFR from
[210.113.215.106].2174 for "another.different.domain" (acl)

Jan 23 18:06:47 eye named[111]: unapproved AXFR from
[210.113.215.106].2518 for
"and.one.I.only.registered.the.other.day" (acl)


That's funny. Both from Korea. I guess there's lots of people
in Korea,
but still. Funny.

---
Adam
Systems Programmer
Ihug - www.ihug.co.nz
Previous By Date Next
Previous By Thread Next

Current thread: