John Von Essen
john at essenz.com
Wed Dec 15 15:55:26 PST 2004
Sort of off topic, but thought people here would be interested.
MCI contacted me today because one of my systems is doing ssh logins
(failed) to a box they have no right ssh-ing into. After some packet
analysis, it's clear that something is inside my network. The only solid
evidence I have is a machine behind one of my gateways (BigIP) was trying
to download a file called brute3.tar.gz via HTTP from 188.8.131.52. The
download was unsuccessful.
Whatever this thing is, it's tricky. It only runs a few times a day, so it
is tough to find the culprit source with ethereal unless I run ethereal
all day in packet capture mode.
Any thoughts? Has anyone heard of anything like this?
More information about the freebsd-hackers