SYSMGR

We're a bunch of Computers: Diana, Daphne, and Dido, called the 3D-cluster, running OpenVMS, Io running OpenVMS as well (in some obscure role in the network) Aphrodite, Athene and Irene running WindowsXP-Pro (SP2, of course) and Cerberus at the edge of the Network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Sunday, December 18

18-Dec-2005

Security report
A few mail:

16-DEC-2005 00:35:48.68 NOSPAMRLY 125.188.61.77 gjwns_11@daum.net
16-DEC-2005 12:52:29.86 CLNTINRBL 72.16.210.65
17-DEC-2005 01:40:19.40 NOSPAMRLY 125.188.61.77 gjwns_44@daum.net
17-DEC-2005 02:01:15.58 BADMF nrichter@gmail.com
17-DEC-2005 05:37:14.79 CLNTINRBL 24.130.218.50
17-DEC-2005 18:40:26.25 CLNTINRBL 62.205.168.13
17-DEC-2005 20:28:17.52 CLNTINRBL 202.127.23.56
17-DEC-2005 20:28:33.48 CLNTINRBL 212.217.30.194
17-DEC-2005 20:51:45.56 NOSPAMRLY 125.188.61.77 gjwns_11@daum.net
18-DEC-2005 00:43:17.11 CLNTINRBL 24.29.173.66
18-DEC-2005 00:43:24.30 CLNTINRBL 218.242.35.16
18-DEC-2005 00:43:54.12 CLNTINRBL 202.180.103.77
18-DEC-2005 03:39:43.97 CLNTINRBL 69.242.93.81

and one attempt using anonymous FTP (a script as usual)

%%%%%%%%%%% OPCOM 17-DEC-2005 02:43:39.01 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 233-139.240.81.adsl.skynet.be
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051217024339p]

Short time, just over 4 seconds:

17-DEC-2005 02:43:38.31 User:anonymous logged in ident:Zgpuser@home.com from Host:233-139.240.81.adsl.skynet.be
17-DEC-2005 02:43:38.88 User:anonymous ident:Zgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
17-DEC-2005 02:43:39.07 User:anonymous ident:Zgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:pub
17-DEC-2005 02:43:42.49 User:anonymous ident:Zgpuser@home.com logged out

but, as usual, the normal Windows (IIS) and Linux (Apache) attempts:

%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from
233-139.240.81.adsl.skynet.be at 17-DEC-2005 02:43:38.09
%TCPIP-I-FTP_NODE, client host name: 233-139.240.81.adsl.skynet.be
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK:[public.anonymous.051217024339p]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00023: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_NODE, client host name: 233-139.240.81.adsl.skynet.be
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: SYS$POSIX_ROOT^:pub
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00023: Failed to set default directory
%TCPIP-E-FTP_BADDIR, invalid directory%TCPIP-I-FTP_NODE,
client host name: 233-139.240.81.adsl.skynet.be
%TCPIP-I-FTP_USER, user name: anonymous

and the obvious other locatiojns:

%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /pub/images /pub/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /pub/_vti_txt/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /wwwroot/incoming/
%TCPIP-I-FTP_OBJ, object: /wwwroot/pub/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /incoming/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /upload/
%TCPIP-I-FTP_OBJ, object: /_vti_cfg/
%TCPIP-I-FTP_OBJ, object: /_vti_cnf/
%TCPIP-I-FTP_OBJ, object: /_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /_vti_txt/
%TCPIP-I-FTP_OBJ, object: /_vti_log/
%TCPIP-I-FTP_OBJ, object: /wwwroot/
%TCPIP-I-FTP_OBJ, object: /www/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /anonymous/_vti_pvt/
%TCPIP-I-FTP_OBJ, object: /anonymous/incoming/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /anonymous/pub/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/
%TCPIP-I-FTP_OBJ, object: /anonymous/
%TCPIP-I-FTP_OBJ, object: /images/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /cgibin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /in/
%TCPIP-I-FTP_OBJ, object: /html/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /cgi-bin/
%TCPIP-I-FTP_OBJ, object: /cgibin/
%TCPIP-I-FTP_OBJ, object: /usr/
%TCPIP-I-FTP_OBJ, object: /usr/incoming/
%TCPIP-I-FTP_OBJ, object: /public_html/
%TCPIP-I-FTP_OBJ, object: /pub/incoming/
%TCPIP-I-FTP_OBJ, object: /public/incoming/
%TCPIP-I-FTP_OBJ, object: /mailroot/
%TCPIP-I-FTP_OBJ, object: /ftproot/
%TCPIP-I-FTP_OBJ, object: /home/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /~temp/
%TCPIP-I-FTP_OBJ, object: /tmp/
%TCPIP-I-FTP_OBJ, object: /~tmp/
%TCPIP-I-FTP_OBJ, object: /outgoing/
%TCPIP-I-FTP_OBJ, object: /_private/
%TCPIP-I-FTP_OBJ, object: /temp/
%TCPIP-I-FTP_OBJ, object: /~temp/
%TCPIP-I-FTP_OBJ, object: /anonymous/public/
%TCPIP-I-FTP_OBJ, object: /public/
%TCPIP-I-FTP_OBJ, object: /upload/

%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from
233-139.240.81.adsl.skynet.be at 17-DEC-2005 02:43:42.58

No harm done (of course)

posted by SYSMGR @ 10:30 PM 

0 Comments:

Post a Comment

<< Home