Exodus: this is bad

• Previous message (by thread): Exodus: this is bad
• Next message (by thread): Exodus: this is bad
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

They went for our FreeBSD box too, and around the same time everyone else
is being scanned, I'm starting to think that this has got to be a worm.

Nov 16 16:08:31 ns1 telnetd[6355]: connect from mcserver.com 
Nov 16 16:08:31 ns1 telnetd[6354]: connect from mcserver.com 

 On Mon, 16 Nov 1998, Robert C. Henney wrote:

> > On Mon, 16 Nov 1998, Brian wrote:
> > 
> > > No, but I see stuff from this:
> > > 
> > > Nov 16 15:14:34 venus in.telnetd[17889]: connect from 209.119.115.65
> > > Nov 16 15:14:35 venus in.telnetd[17890]: connect from 209.119.115.65
> 
> 
> Both of our BSDi nameservers as well.  Just a while after your were hit.
> Definatly a pattern forming here.
> 
> Nov 16 15:57:05 iron telnetd at ns1.mv.net[10984]: connect from 209.119.115.65
> Nov 16 15:57:06 iron telnetd at ns1.mv.net[10985]: connect from 209.119.115.65
> 
> Nov 16 16:06:01 nickel telnetd at ns2.mv.net[1118]: connect from 209.119.115.65
> Nov 16 16:06:01 nickel telnetd at ns2.mv.net[1120]: connect from 209.119.115.65
> 
> 
> 
> -- 
> Rob @ MV Staff
> robh at cs.mv.net
> (603) 629-0000
> 

---------------------------------------------------------------------
Jari Takkala  -  <takkala at netwave>  /  <jtakkala at digital-network.net>
System Administrator - Digital-Network http://www.digital-network.net
---------------------------------------------------------------------

• Previous message (by thread): Exodus: this is bad
• Next message (by thread): Exodus: this is bad
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]