[PLUG] Re: Attempted network cracking (fwd)

Rich Shepard rshepard at appl-ecosys.com
Wed Jul 31 23:25:32 UTC 2002 

  It always pleases me greatly when I get a response such as the one below
to my report of an attempt to crack into our network. Nice folks there!

Rich

---------- Forwarded message ----------
Date: Wed, 31 Jul 2002 17:58:12 -0500
From: Dean McClendon <dean at mcc-sys.com>
To: Rich Shepard <rshepard at appl-ecosys.com>
Subject: Re: Attempted network cracking

We apologize for the intrusion attempt. This originated from one of our 
name servers in a DMZ that was compromised earlier this week. We had 
mistakenly left SSH running on this box and an outside user had 
exploited this oversite & used this machine to run port scans on others. 
We have , within the last hour, wiped the machine & reloaded and have 
made sure to close up any potential entry. Sorry again for the 
trouble........


On Wednesday, July 31, 2002, at 05:40 PM, Rich Shepard wrote:

>   Yesterday, someone from your domain tried to crack into our network. 
> The
> records from /var/log/messages are:
>
> Jul 30 08:00:50 salmo sshd[26081]: refused connect from dns-2.mcc-
> sys.com
> Jul 30 08:00:53 salmo sshd[26082]: refused connect from ns2.mcc-sys.com
> Jul 30 08:00:59 salmo sshd[26083]: refused connect from dns-2.mcc-
> sys.com
> Jul 30 08:01:11 salmo sshd[26086]: refused connect from ns2.mcc-sys.com
> Jul 30 08:02:24 salmo sshd[26087]: refused connect from ns2.mcc-sys.com
> Jul 30 08:04:01 salmo sshd[26088]: refused connect from ns2.mcc-sys.com
>
>   Please take the appropriate actions to prevent this happening again.
>
> Thank you,
>
> Rich
>
> Dr. Richard B. Shepard, President
>
>                        Applied Ecosystem Services, Inc. (TM)
>             2404 SW 22nd Street | Troutdale, OR 97060-1247 | U.S.A.
>  + 1 503-667-4517 (voice) | + 1 503-667-8863 (fax) | 
> rshepard at appl-ecosys.com
>                          http://www.appl-ecosys.com
>
>
>


---------------------------------------------------------------
Dean McClendon
Webworkz Network, Inc.
(409)985-8470 ext 125
(866)314-4200 ext 125
dean at webworkznetwork.com (office)
dean.mobile at webworkznetwork.com (mobile)
http://www.webworkznetwork.com

More information about the PLUG mailing list