Hmmm... Wasn't sure about that. Doesn't look like he was able to get
in as there are another dozen or so messages after which show repeated
attempts to get in with FTP (user anonymous) and so on. Looks like
after 10 minutes he gave up.
I've already spoken with the ISP's security group and they are getting
in touch with this guy. I think we're seeing a DSL customer about to
loose his DSL as they frown on such activities.
I appreciate your help and will check the link.
Thx
Frank
On Wed, 01 Dec 1999, Frank Carreiro wrote:
> Does anybody know what this message means?
>
> telnetd: ttloop: peer died: Invalid or incomplete multibyte or wide
> character
>
> Found that in my /var/log/messages file today after I noticed the
> following in my secure log
>
> Dec 1 12:53:54 yoda in.telnetd [26572]: connect from 208.45.17.48
>
> I've also noticed several other "odd" secure log entries. I've already
> blocked the IP address until I get more information and have already
> contacted the ISP (Qwest) in Denver CO about this "strange" behavior.
>
> Let me know what you guys think. I appreciate it
>
> Frank
> \
Looks like a port-scan on your telnet port using sscan.
There is an excellent series of articles on this topic at
http://www.securityfocus.com in the forums/know your enemy forum.
Regards,
Tony.
--
Computers are actually powered by Chaos theory, not electricity... that
is just for the fan.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
