Re: Exodus / Clue problems

[James McKenzie <mcs () 1ipnet net>]

 Since this is an attack on name servers, I found the following
http://www.cert.org/summaries/CS-98.04.html it may or may not be relvent.
But it mentions IMAP, named and that attacks come from name servers that
have been comprimised.

  James

At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote:
> Seeing it here, too.
>
> At 18:52 11/15/98 -0500, Daniel Senie wrote:
> > sigma () pair com wrote:
> > > Let me guess - the IP is 209.67.50.254, and they're trying to login to
> > > nameservers as "root", sometimes a dozen times per second?
> >
> > I'm seeing that IP address trying to telnet into my name servers (don't
> > know if it's as root, since my filters are blocking them). I also see
> > them trying to access IMAP on my servers.
> >
> > Dan
> >
> > -- 
> > -----------------------------------------------------------------
> > Daniel Senie                                        dts () senie com
> > Amaranth Networks Inc.            http://www.amaranthnetworks.com
>
>
> William S. Duncanson                      caesar () starkreality com
> The driving force behind the NC is the belief that the companies who
brought us
> things like Unix, relational databases, and Windows can make an appliance
that
> is inexpensive and easy to use if they choose to do that.  -- Scott Adams 

 James McKenzie
 mcs () 1ipnet net
 http://www.1ipnet.net