|
Incidents
Tracking down random ICMP Jan 22 2007 01:19PM Craig Chamberlain (craig chamberlain Q1Labs com) (3 replies) Re: Tracking down random ICMP Jan 23 2007 03:32PM Valdis Kletnieks vt edu (2 replies) Re: Tracking down random ICMP Jan 25 2007 12:13PM Javier Fernández-Sanguino (jfernandez germinus com) (1 replies) Re: Tracking down random ICMP Jan 25 2007 05:20PM Valdis Kletnieks vt edu (2 replies) DoS attacks using ports 31800, 31900 ? Feb 02 2007 06:27PM David Gillett (gillettdavid fhda edu) (1 replies) Re: Tracking down random ICMP Jan 23 2007 09:37PM Jose Nazario (jose monkey org) (1 replies) |
|
|
Privacy Statement |
a Korean advertising company ("VAAN") began connecting to our
public addresses on TCP port 21 (FTP). (It may have spent some time
earlier trying to connect to our DHCP ranges and getting dropped at
the border routers.)
From about 7:50am(PST), it began to randomly try passwords to log
on as "Admin" or "Guest" to the various systems it had found. None
of these login attempts had succeeded when I blocked inbound traffic
from that address around 8:50am(PST).
Although none of the login attempts succeeded, on some machines it
also attempted to remove a directory named "sarcaxxo". This links it
to incidents reported by other sites as far back as the beginning of
November 2006. Nobody yet seems to know what's behind this.
David Gillett
[ reply ]