http://bopper.wcbe.org/~COLUG/9811mtg/in_the_act.txt

On two separate hosts, in different C class ranges:

==============================
(On Centurion)

[root@centurion log]# tail -100 probelog

 4:57pm  up 16:15, 10 users,  load average: 0.91, 0.94, 0.70

Login: admin                            Name: system administrator
Directory: /home/nate                   Shell: /bin/bash
On since Mon Nov 16 00:46 (EST) on tty1   16 seconds idle
No mail.
No Plan.

Login: root                             Name:
Directory: /root                        Shell: /bin/bash
On since Mon Nov 16 00:47 (EST) on tty2   15 minutes 55 seconds idle
On since Mon Nov 16 12:46 (EST) on tty3   15 minutes 51 seconds idle
On since Mon Nov 16 12:48 (EST) on tty4   15 minutes 38 seconds idle
On since Mon Nov 16 13:08 (EST) on tty5   54 seconds idle
On since Mon Nov 16 13:21 (EST) on tty6   8 minutes 38 seconds idle
On since Mon Nov 16 14:18 (EST) on tty8   2 hours 30 minutes idle
On since Mon Nov 16 13:50 (EST) on tty9   1 minute 19 seconds idle
On since Mon Nov 16 13:40 (EST) on tty10   7 seconds idle
On since Mon Nov 16 00:47 (EST) on tty11   3 minutes 38 seconds idle
No mail.

[root@centurion log]# grep strat secure | tail
Nov 16 16:58:48 centurion in.fingerd[18621]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:49 centurion in.telnetd[18622]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:53 centurion imapd[18635]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:59:01 centurion in.telnetd[18646]: refused connect from root@pm3-17-25.stratos.net

==============================================
(On Landlocked)

[pm3-17-25.stratos.net]
Welcome to Linux version 2.0.35 at Sector-X.Technologies.com !

 4:56pm  up 16:14, 10 users,  load average: 0.90, 0.92, 0.68

Login: admin                            Name: system administrator
Directory: /home/nate                   Shell: /bin/bash
On since Mon Nov 16 00:46 (EST) on tty1   58 seconds idle
No mail.
No Plan.

Login: root                             Name:
Directory: /root                        Shell: /bin/bash
On since Mon Nov 16 00:47 (EST) on tty2   15 minutes 4 seconds idle
On since Mon Nov 16 12:46 (EST) on tty3   15 minutes idle
On since Mon Nov 16 12:48 (EST) on tty4   14 minutes 47 seconds idle
On since Mon Nov 16 13:08 (EST) on tty5   3 seconds idle
On since Mon Nov 16 13:21 (EST) on tty6   7 minutes 47 seconds idle
On since Mon Nov 16 14:18 (EST) on tty8   2 hours 29 minutes idle
On since Mon Nov 16 13:50 (EST) on tty9   28 seconds idle
On since Mon Nov 16 13:40 (EST) on tty10   15 seconds idle
On since Mon Nov 16 00:47 (EST) on tty11   2 minutes 47 seconds idle
No mail.
No Plan.

[root@landlocked log]# grep stra secure | tail
Nov 16 16:57:56 landlocked ipop3d[30236]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.fingerd[30233]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.telnetd[30234]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:02 landlocked in.telnetd[30237]: refused connect from root@pm3-17-25.stratos.net

[root@landlocked log]# whois stratos.net
[rs.internic.net]
Registrant:
STRATOS Internet Group, Inc (STRATOS2-DOM)
   1621 Euclid Avenue
   Suite 538
   Cleveland, OH 44115

   Domain Name: STRATOS.NET

   Administrative Contact, Technical Contact, Zone Contact:
      DeSantis, Daniel  (DD1063)  dan@STRATOS.NET
      (216) 902-4330 x201 (FAX) (216) 902-4336
   Billing Contact:
      DeSantis, Daniel  (DD1063)  dan@STRATOS.NET
      (216) 902-4330 x201 (FAX) (216) 902-4336

   Record last updated on 13-Mar-97.
   Record created on 15-Jan-96.
   Database last updated on 18-Nov-98 05:04:20 EST.

   Domain servers in listed order:

   HOME.STRATOS.NET             209.117.223.2
   HOME2.STRATOS.NET            209.117.223.3

===============================================
email to internic listed sysadmin:

We have had one of our hosts probescanned from one of your hosts.
It appears to be a user named: nate.
From the return times on the traceroute, it appears that rather heavy duty
portscanning was going ...:

Subject: in.telnetd_pm3-17-25.stratos.net_root@pm3-17-25.stratos.net
Date: Mon, 16 Nov 1998 16:59:37 -0500
From: root
To: probe@owlriver.com

==============================
in.telnetd probe from in.telnetd_#_pm3-17-25.stratos.net_#_root@pm3-17-25.stratos.net
Mon Nov 16 16:59:03 EST 1998

[pm3-17-25.stratos.net]
Welcome to Linux version 2.0.35 at Sector-X.Technologies.com !

 4:57pm  up 16:15, 10 users,  load average: 0.91, 0.94, 0.70

Login: admin                            Name: system administrator
Directory: /home/nate                   Shell: /bin/bash
On since Mon Nov 16 00:46 (EST) on tty1   16 seconds idle
No mail.
No Plan.

Login: root                             Name:
Directory: /root                        Shell: /bin/bash
On since Mon Nov 16 00:47 (EST) on tty2   15 minutes 55 seconds idle
On since Mon Nov 16 12:46 (EST) on tty3   15 minutes 51 seconds idle
On since Mon Nov 16 12:48 (EST) on tty4   15 minutes 38 seconds idle
On since Mon Nov 16 13:08 (EST) on tty5   54 seconds idle
On since Mon Nov 16 13:21 (EST) on tty6   8 minutes 38 seconds idle
On since Mon Nov 16 14:18 (EST) on tty8   2 hours 30 minutes idle
On since Mon Nov 16 13:50 (EST) on tty9   1 minute 19 seconds idle
On since Mon Nov 16 13:40 (EST) on tty10   7 seconds idle
On since Mon Nov 16 00:47 (EST) on tty11   3 minutes 38 seconds idle
No mail.
No Plan.

[pm3-17-25.stratos.net]
Welcome to Linux version 2.0.35 at Sector-X.Technologies.com !
 4:57pm  up 16:15, 10 users,  load average: 1.09, 0.97, 0.71

Login     Name                   Tty  Idle  Login Time    Office     Office Phone
admin     system administrator     1        Nov 16 00:46
root                               2    16  Nov 16 00:47
root                               3    16  Nov 16 12:46
root                               4    15  Nov 16 12:48
root                               5        Nov 16 13:08
root                               6     8  Nov 16 13:21
root                               8  2:30  Nov 16 14:18
root                               9     1  Nov 16 13:50
root                              10        Nov 16 13:40
root                              11     3  Nov 16 00:47

 1  on-ramp.iwaynet.net (198.30.29.2)  6.609 ms  4.431 ms  6.068 ms
 2  oeb8-sl1-0-4.columbus.oar.net (199.18.105.57)  12.428 ms  11.474 ms  7.266 ms
 3  clv1-atm1-0.cleveland.oar.net (199.18.202.61)  17.694 ms  90.330 ms  22.061 ms
 4  209.49.240.73 (209.49.240.73)  21.230 ms  41.978 ms  59.086 ms
 5  cle1-core1-fa8-1-0.atlas.digex.net (165.117.53.217)  33.819 ms  69.713 ms  69.252 ms
 6  209.49.240.50 (209.49.240.50)  19.198 ms  16.977 ms  17.244 ms
 7  pm3-17.clv.stratos.net (207.87.126.210)  16.384 ms  17.900 ms  19.393 ms
 8  pm3-17-25.stratos.net (207.87.124.25)  1040.009 ms  601.227 ms  1290.894 ms

==================================
Nov 16 16:57:56 landlocked imapd[30235]: connect from root@207.87.124.25
Nov 16 16:57:56 landlocked ipop3d[30236]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.fingerd[30233]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.telnetd[30234]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:02 landlocked in.telnetd[30237]: refused connect from root@pm3-17-25.stratos.net
================

All times are Eastern. Please investigate, and advise us of the results.
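The correlation the author did by hand above (grep the tcp_wrappers "refused connect" lines on each host, notice the same source hitting several services on two hosts within about a minute) can be automated. The following is an added example, not code from the page or from COLUG: it parses the libwrap syslog lines quoted on the page, folds the bare IP 207.87.124.25 into pm3-17-25.stratos.net (that mapping is taken from the page's traceroute; libwrap logs the IP when the reverse lookup fails), and flags a source that touched several services on several hosts inside a short window. The year 1998 is supplied by the caller because syslog timestamps carry none, and the thresholds in flag_scanners are assumed values, not anything the page specifies.

```python
import re
from datetime import datetime

# tcp_wrappers (libwrap) line as written to /var/log/secure on the hosts above, e.g.
#   Nov 16 16:58:48 centurion in.fingerd[18621]: refused connect from root@pm3-17-25.stratos.net
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<daemon>[\w.]+)\[(?P<pid>\d+)\]: (?P<verdict>refused connect|connect) from "
    r"(?:(?P<user>[^@\s]+)@)?(?P<src>\S+)$"
)

# Log lines copied from the page (landlocked and centurion /var/log/secure), not constructed.
SAMPLE_LOG = """\
Nov 16 16:57:56 landlocked imapd[30235]: connect from root@207.87.124.25
Nov 16 16:57:56 landlocked ipop3d[30236]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.fingerd[30233]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:57:56 landlocked in.telnetd[30234]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:02 landlocked in.telnetd[30237]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:48 centurion in.fingerd[18621]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:49 centurion in.telnetd[18622]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:58:53 centurion imapd[18635]: refused connect from root@pm3-17-25.stratos.net
Nov 16 16:59:01 centurion in.telnetd[18646]: refused connect from root@pm3-17-25.stratos.net
"""

# The page's traceroute resolves pm3-17-25.stratos.net to 207.87.124.25; libwrap logs the
# bare IP when the reverse lookup fails, so both spellings are folded into one source key.
# No DNS is done here; this is a static alias table built from the page.
ALIASES = {"207.87.124.25": "pm3-17-25.stratos.net"}


def parse_line(line, year=1998):
    """Return a dict for one libwrap line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; the caller supplies it (1998 on the page, an assumption)
    rec["when"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["src"] = ALIASES.get(rec["src"], rec["src"])
    return rec


def summarize(log_text, year=1998):
    """Per source host: hosts touched, services touched, refused count, first/last time."""
    per_src = {}
    for line in log_text.splitlines():
        rec = parse_line(line, year)
        if rec is None:
            continue
        s = per_src.setdefault(rec["src"], {"hosts": set(), "services": set(),
                                            "refused": 0,
                                            "first": rec["when"], "last": rec["when"]})
        s["hosts"].add(rec["host"])
        s["services"].add(rec["daemon"])
        if rec["verdict"] == "refused connect":
            s["refused"] += 1
        s["first"] = min(s["first"], rec["when"])
        s["last"] = max(s["last"], rec["when"])
    return per_src


def flag_scanners(summary, min_services=3, min_hosts=2, window_seconds=300):
    """Sources that hit >= min_services services on >= min_hosts hosts inside the window.
    The thresholds are assumed defaults, not values from the page."""
    flagged = []
    for src, s in summary.items():
        span = (s["last"] - s["first"]).total_seconds()
        if (len(s["services"]) >= min_services and len(s["hosts"]) >= min_hosts
                and span <= window_seconds):
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for src, s in summary.items():
        span = (s["last"] - s["first"]).total_seconds()
        print(f"{src}: hosts={sorted(s['hosts'])} services={sorted(s['services'])} "
              f"refused={s['refused']} span={span:.0f}s")
    print("flagged:", flag_scanners(summary))
```

Run against the nine lines from the page it reports one source, pm3-17-25.stratos.net, touching four services (imapd, ipop3d, in.fingerd, in.telnetd) on two hosts with eight refusals in a 65-second span, which is exactly the pattern that prompted the mail to the ISP; the one "connect from" line (imapd accepted the connection) is still counted toward the service and host sets, because an accepted connection from a scanner is more interesting than a refused one.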