[Charlug] Server break-in attempt through NAGIOS user

Jason Watts jsnonzzr at gmail.com
Thu Sep 6 18:44:23 EDT 2007


Dave,

I see all sorts of bad traffic come off of the RIPE network.  If you can't
find a legitimate reason to allow any traffic from that network, I would
suggest to just blacklist the whole IP range and open it up later if you
have a user complaining.

JSN



On 9/6/07, David Simmons <dave at dgnal.net> wrote:
>
> Guys/Gals,
>
> Just was able to catch a 'break in attempt' on one of my webservers
>
> It was from the RIPE network in Amsterdam....IP address was 86.126.41.177
>
> They were logging in through the NAGIOS user and (trying to run) two
> programs (files from):
>
> brute.tgz
> fast.tgz
>
> Just a word of caution to double-check those servers....
>
> dave
>
> _______________________________________________
> CharLUG mailing list
> CharLUG at charlug.org
> http://charlug.org/cgi-bin/mailman/listinfo/charlug
>
>