Re: What a strange route (The DoD inside)! 2006-04-03 Bob Radvanovsky (rsradvan unixworks net) (1 replies)

What a strange route (The DoD inside)! 2006-04-01 dave (dave m email it) (2 replies)
Hi, During a security check it was the evidence of an intrusion. The hacker placed 2 backdoors and a rootkit. What is very strange is that all packets seem to pass inside an Italian ISP WAN but inside its network there are some DoD IPs. Like this traceroute may reveal: root@alea:dave# tra…

Re: What a strange route (The DoD inside)! 2006-04-03 Pieter de Boer (pieter thedarkside nl) (1 replies)

Re: What a strange route (The DoD inside)! 2006-04-04 Jean-Marc Soumet (Jean-Marc Soumet nsc com) (1 replies)

Re: Internet SSH scans thread 2006-03-26 p kerr auckland ac nz
Not exactly a "new" discovery, just a timely warning to recheck your sshd_config after applying vendor patches. We have a couple of MacOS-X boxes authenticating users thru our campus ldap. We had blocked ssh access for a group of "convenience" accts in that ldap domain. A recent Apple Security updat…

RE: Win2k Machine contacting Root Server??? 2006-03-24 Adrian Marsden (amarsden jvsdet org) (2 replies)
I believe you will find there is a setting that tells a Win2k server to try TCP if UDP fails for DNS resolution. Maybe the UDP was failing and the box was doing as it was told.
-----Original Message-----
From: Alex [mailto:incidents (at) alex.gotdns (dot) org [email concealed]]
Sent: Fri 3/24/2006 1:53 AM
To: incidents@securi…

Win2k Machine contacting Root Server??? 2006-03-24 Alex (incidents alex gotdns org) (1 replies)
Hi, I recently ran "netstat" on my personal laptop (running Win2k) and was shocked to see that it had been making TCP connections to the root servers (to their domain port). I know that some DNS queries are performed using TCP, but I find it somewhat disturbing that the root servers were involv…

Re: RE: Internet SSH scans 2006-03-23 Michael Lang jackal-net at (1 replies)
*urgh* that's why things go terribly wrong. Security by obscurity isn't safe, wasn't and will never be, if you just don't want the LogEntrys, exclude it from your Syslog. if you want to secure your SSH Service, try following steps: - if possible, use a separate LAN (MGMT) and bind your Servic…

SSH Scans 2006-03-19 Michel Pereira (michel michel eti br)
After seeing a lot of ssh scans on my firewalls and home PC, I made a script that filters out the "Invalid User" entry inside /var/log/messages and does some cleaning process, the result is a dictionary (homebrew) of users that tried to login into my hosts. Into the dictionary I saw English and…

New Phishing Technique? 2006-03-17 Mace Scott tatravelcenters com (1 replies)
A couple of phishing emails got through our SpamAssassin/ClamAV filter here at work, and through to my gmail account, damn near simultaneously. Both with very different text, and different urls. Now ClamAV is generally very capable of stopping phishing attacks, so I'm surprised these made it th…

unicast netbios name service nbtstat query to/from same ip? 2006-03-16 shad0w (shadow cipher gmail com)
Can anyone clue me in to what could possibly cause a netbios name service with a query type of nbtstat to have the same source/dest ip address? Besides the obvious of crafting this type of packet. -- View this message in context: http://www.nabble.com/unicast-netbios-name-service-nbtstat-query-t…

Possible AIM Hack? - Follow-up 2006-03-16 belka att net
The behavior of the original incident reported on this list closely mirrors the description at the URL below: http://www.securemac.com/aimpasswordthief.php What is different is the inability to create new IDs on AIM to replace the hijacked one. That is a new twist. Also -- one should note that…
[root@xxx ~]# traceroute ansa.it
traceroute to ansa.it (194.244.5.201), 30 hops max, 38 byte packets
1 xxx (xxx) 0.469 ms 0.243 ms 0.191 ms << from my location
2 xxx (xxx) 0.784 ms 0.798 ms 1.173 ms << from my location
3 atm008.edge1.chi.megapath.net