Today, as for the last few days, I have been trying to track this down.
Please help.
Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Connect from
host: 12.30.163.51/12.30.163.51 to UDP port: 137
Dec 16 13:27:38 c465357-a portsentry[8432]: attackalert: Host:
12.30.163.51 is already blocked. Ignoring
Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Connect from
host: 12.30.163.51/12.30.163.51 to UDP port: 137
Dec 16 13:28:48 c465357-a portsentry[8432]: attackalert: Host:
12.30.163.51 is already blocked. Ignoring
He has been talking to nothing since he has been forwarded to localhost
for weeks, but this week he seems persistant.. I did a nslookup and its
either not a valid ip, or he has his own and is not publishing it. I just
need to some help tracking it down so he can be taken off the net.
I have logs of him trying to crack inetd, and various other ports. Since
inetd was the on;y open slot, thats the only one he tried for 10 mins.
Trying to buffer overflow it i think.
Thanks
Jeff
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
