> tracer crossmatch ==================================================== Tracer Starting Engines on all.net by fc. Mon Mar 18 10:36:53 EST 1996 Copyright (c), 1985-6 Management Analytics All Rights Reserved ==================================================== ======>> Start:Crossmatching audit files.
*** Host storm.stud.unit.no has exceeded detection threshold: host total = 5 *storm.stud.unit.no unknown 1996/03/15 05:13:22 in.telnetd 10445 all twist storm.stud.unit.no to (/bin/cat /etc/telmess)& *storm.stud.unit.no unknown 1996/03/15 05:13:23 in.telnetd 10443 all twist storm.stud.unit.no to (/bin/cat /etc/telmess)& *storm.stud.unit.no unknown 1996/03/15 05:13:23 in.telnetd 10444 all twist storm.stud.unit.no to (/bin/cat /etc/telmess)& *storm.stud.unit.no unknown 1996/03/15 05:13:33 in.telnetd 10476 all twist storm.stud.unit.no to (/bin/cat /etc/telmess)& *storm.stud.unit.no unknown 1996/03/15 05:13:42 in.telnetd 10487 all twist storm.stud.unit.no to (/bin/cat /etc/telmess)&
*** Host bushing.plastic.crosslink.net has exceeded detection threshold: host total = 4 *bushing.plastic.crosslink.net root 1996/03/14 19:05:16 in.telnetd 3847 all twist root@bushing.plastic.crosslink.net to (/bin/cat /etc/telmessage)& *bushing.plastic.crosslink.net root 1996/03/14 19:05:33 in.telnetd 3876 all twist root@bushing.plastic.crosslink.net to (/bin/cat /etc/telmessage)& .bushing.plastic.crosslink.net unknown 1996/03/14 19:05:57 in.identd 3931 all connect from bushing.plastic.crosslink.net .bushing.plastic.crosslink.net unknown 1996/03/14 19:06:07 in.identd 3953 all connect from bushing.plastic.crosslink.net *bushing.plastic.crosslink.net root 1996/03/14 19:06:23 in.telnetd 3978 all twist root@bushing.plastic.crosslink.net to (/bin/cat /etc/telmessage)& .bushing.plastic.crosslink.net unknown 1996/03/14 19:06:45 in.identd 4018 all connect from bushing.plastic.crosslink.net *bushing.plastic.crosslink.net root 1996/03/14 19:06:53 in.telnetd 4030 all twist root@bushing.plastic.crosslink.net to (/bin/cat /etc/telmessage)& .bushing.plastic.crosslink.net unknown 1996/03/14 19:07:15 in.identd 4078 all connect from bushing.plastic.crosslink.net
*** Host pip.shsu.edu has exceeded detection threshold: host total = 10 .pip.shsu.edu root 1996/03/14 18:29:30 in.thttpd 1455 all twist root@pip.shsu.edu to /usr/etc/in.thttpd pip.shsu.edu root .pip.shsu.edu root 1996/03/14 18:29:30 thttpd 1455 all cat /index.html .pip.shsu.edu root 1996/03/14 18:29:34 in.thttpd 1457 all twist root@pip.shsu.edu to /usr/etc/in.thttpd pip.shsu.edu root .pip.shsu.edu root 1996/03/14 18:29:34 thttpd 1457 all cat /index.html .pip.shsu.edu root 1996/03/14 18:29:45 in.thttpd 1479 all twist root@pip.shsu.edu to /usr/etc/in.thttpd pip.shsu.edu root .pip.shsu.edu root 1996/03/14 18:29:45 thttpd 1479 all cat /admin/downtime.html .pip.shsu.edu unknown 1996/03/14 18:30:11 in.thttpd 1510 all twist pip.shsu.edu to /usr/etc/in.thttpd pip.shsu.edu unknown .pip.shsu.edu unknown 1996/03/14 18:30:11 thttpd 1510 all cat /integ/index.html
.pip.shsu.edu unknown 1996/03/14 18:31:13 in.fingerd 1585 all connect from pip.shsu.edu *pip.shsu.edu root 1996/03/14 18:31:19 in.rlogind 1586 all refused connect from root@pip.shsu.edu *pip.shsu.edu root 1996/03/14 18:32:11 in.telnetd 1650 all twist root@pip.shsu.edu to (/bin/cat /etc/telmessage)& *pip.shsu.edu root 1996/03/14 18:32:48 in.telnetd 1701 all twist root@pip.shsu.edu to (/bin/cat /etc/telmessage)& *pip.shsu.edu unknown 1996/03/14 18:33:03 in.telnetd 1734 all twist pip.shsu.edu to (/bin/cat /etc/telmessage)& *pip.shsu.edu unknown 1996/03/14 18:33:06 in.telnetd 1739 all twist pip.shsu.edu to (/bin/cat /etc/telmessage)& *pip.shsu.edu stdjxw03 1996/03/14 18:59:50 in.telnetd 3488 all twist stdjxw03@pip.shsu.edu to (/bin/cat /etc/telmessage)& *pip.shsu.edu unknown 1996/03/15 17:02:07 in.telnetd 29773 all refused connect from pip.shsu.edu *pip.shsu.edu unknown 1996/03/15 17:02:14 in.telnetd 29777 all refused connect from pip.shsu.edu *pip.shsu.edu unknown 1996/03/15 17:02:22 in.telnetd 29796 all refused connect from pip.shsu.edu *pip.shsu.edu unknown 1996/03/15 17:04:05 in.telnetd 29911 all refused connect from pip.shsu.edu .pip.shsu.edu unknown 1996/03/16 18:17:13 sendmail 12958 all connect from pip.shsu.edu .pip.shsu.edu unknown 1996/03/16 19:22:42 sendmail 17711 all connect from pip.shsu.edu
*** Host camelot.shsu.edu has exceeded detection threshold: host total = 5 *camelot.shsu.edu unknown 1996/03/14 18:24:56 in.telnetd 1109 all twist camelot.shsu.edu to (/bin/cat /etc/telmessage)& *camelot.shsu.edu unknown 1996/03/15 17:01:14 in.telnetd 29712 all refused connect from camelot.shsu.edu *camelot.shsu.edu unknown 1996/03/15 17:01:20 in.telnetd 29719 all refused connect from camelot.shsu.edu *camelot.shsu.edu unknown 1996/03/15 17:01:29 in.telnetd 29723 all refused connect from camelot.shsu.edu *camelot.shsu.edu unknown 1996/03/15 17:01:42 in.telnetd 29747 all refused connect from camelot.shsu.edu
*** Network shsu.edu has exceeded detection threshold: net total = 17 .niord.shsu.edu unknown 1996/03/15 10:35:16 sendmail 292 all connect from niord.shsu.edu .niord.shsu.edu unknown 1996/03/15 11:57:25 in.thttpd 7529 all twist niord.shsu.edu to /usr/etc/in.thttpd niord.shsu.edu unknown .niord.shsu.edu unknown 1996/03/15 11:57:26 thttpd 7529 all cat /index.html ... .felix.shsu.edu unknown 1996/03/15 17:38:17 in.thttpd 2327 all twist felix.shsu.edu to /usr/etc/in.thttpd felix.shsu.edu unknown .felix.shsu.edu unknown 1996/03/15 17:38:20 thttpd 2327 all cat /journal/netsec/audits/intent2.html *ghost.shsu.edu unknown 1996/03/15 17:44:03 in.telnetd 2731 all refused connect from ghost.shsu.edu .felix.shsu.edu unknown 1996/03/15 17:46:36 in.thttpd 2913 all twist felix.shsu.edu to /usr/etc/in.thttpd felix.shsu.edu unknown
*** Network crl.com has exceeded detection threshold: net total = 15 *crl.com unknown 1996/03/14 17:44:37 in.telnetd 28248 all twist crl.com to (/bin/cat /etc/telmessage)& *crl2.crl.com unknown 1996/03/14 17:44:37 in.telnetd 28249 all twist crl2.crl.com to (/bin/cat /etc/telmessage)& *crl3.crl.com unknown 1996/03/14 17:44:39 in.telnetd 28250 all twist crl3.crl.com to (/bin/cat /etc/telmessage)& *crl4.crl.com unknown 1996/03/14 17:44:40 in.telnetd 28259 all twist crl4.crl.com to (/bin/cat /etc/telmessage)& *crl5.crl.com unknown 1996/03/14 17:44:41 in.telnetd 28269 all twist crl5.crl.com to (/bin/cat /etc/telmessage)& *crl6.crl.com unknown 1996/03/14 17:44:41 in.telnetd 28271 all twist crl6.crl.com to (/bin/cat /etc/telmessage)& *crl7.crl.com unknown 1996/03/14 17:44:43 in.telnetd 28275 all twist crl7.crl.com to (/bin/cat /etc/telmessage)& *crl8.crl.com unknown 1996/03/14 17:44:44 in.telnetd 28285 all twist crl8.crl.com to (/bin/cat /etc/telmessage)& *crl9.crl.com unknown 1996/03/14 17:44:45 in.telnetd 28291 all twist crl9.crl.com to (/bin/cat /etc/telmessage)& *crl11.crl.com unknown 1996/03/14 17:44:46 in.telnetd 28304 all twist crl11.crl.com to (/bin/cat /etc/telmessage)& *crl10.crl.com unknown 1996/03/14 17:44:46 in.telnetd 28298 all twist crl10.crl.com to (/bin/cat /etc/telmessage)& *crl12.crl.com unknown 1996/03/14 17:44:49 in.telnetd 28310 all twist crl12.crl.com to (/bin/cat /etc/telmessage)& *crl13.crl.com unknown 1996/03/14 17:44:50 in.telnetd 28321 all twist crl13.crl.com to (/bin/cat /etc/telmessage)& *crl14.crl.com unknown 1996/03/14 17:44:52 in.telnetd 28322 all twist crl14.crl.com to (/bin/cat /etc/telmessage)& ... *crl11.crl.com unknown 1996/03/16 17:36:20 in.telnetd 10025 all twist crl11.crl.com to (/bin/cat /etc/telmess)& ...
In this case, we contacted the site within a few minutes by phone, but they claimed they could find no common thread. I asked them to kick it upstairs but have heard nothing back since. It should be easy to track down the person responsible for this.
*** Host soda.csua.berkeley.edu has exceeded detection threshold: host total = 25 *soda.csua.berkeley.edu unknown 1996/03/13 15:12:01 in.telnetd 24216 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 15:12:39 in.telnetd 24326 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 15:13:10 in.telnetd 24370 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 15:13:51 in.telnetd 24461 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 15:14:12 sendmail 24511 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 15:14:37 sendmail 24550 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 15:15:05 sendmail 24607 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 15:20:03 in.telnetd 25282 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 15:38:50 in.telnetd 28188 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:03:54 in.telnetd 1669 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:04:26 in.fingerd 1735 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:05:01 in.fingerd 1819 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:05:11 in.fingerd 1846 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:05:17 in.fingerd 1865 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:06:19 in.telnetd 2006 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:28:49 in.fingerd 4364 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:29:09 in.fingerd 4396 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:31:15 in.telnetd 4600 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:39:29 in.telnetd 5373 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:51:37 in.telnetd 6425 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 16:56:14 in.telnetd 6845 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 16:57:02 sendmail 6915 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 17:07:13 in.telnetd 7796 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 17:13:54 sendmail 8370 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 17:30:26 in.telnetd 9798 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 17:30:46 in.rlogind 9824 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 17:33:24 in.fingerd 10041 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 17:47:44 in.ftpd 11188 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 18:20:54 in.telnetd 13912 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 19:19:54 in.fingerd 20649 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 19:39:35 in.thttpd 23306 all twist soda.CSUA.Berkeley.EDU to /usr/etc/in.thttpd soda.CSUA.Berkeley.EDU unknown .soda.csua.berkeley.edu unknown 1996/03/13 19:39:35 thttpd 23306 all cat /index.html .soda.csua.berkeley.edu unknown 1996/03/13 19:39:58 in.thttpd 23339 all twist soda.CSUA.Berkeley.EDU to /usr/etc/in.thttpd soda.CSUA.Berkeley.EDU unknown .soda.csua.berkeley.edu unknown 1996/03/13 19:39:58 thttpd 23339 all cat /admin/usepolicy.html ...
*soda.csua.berkeley.edu unknown 1996/03/13 20:51:07 in.telnetd 29066 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 20:51:32 in.telnetd 29099 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/13 20:55:00 in.telnetd 29388 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/13 22:02:24 in.fingerd 5375 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/14 01:33:04 in.fingerd 20562 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/14 01:37:49 in.thttpd 20973 all twist soda.CSUA.Berkeley.EDU to /usr/etc/in.thttpd soda.CSUA.Berkeley.EDU unknown .soda.csua.berkeley.edu unknown 1996/03/14 01:37:49 thttpd 20973 all cat /index.html *soda.csua.berkeley.edu unknown 1996/03/14 03:43:56 in.telnetd 29784 all refused connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/14 17:37:16 in.fingerd 27812 all connect from soda.CSUA.Berkeley.EDU .soda.csua.berkeley.edu unknown 1996/03/14 17:37:21 in.fingerd 27820 all connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/15 04:05:24 in.ftpd 6656 all refused connect from soda.CSUA.Berkeley.EDU *soda.csua.berkeley.edu unknown 1996/03/15 04:10:16 in.telnetd 6931 all twist soda.CSUA.Berkeley.EDU to (/bin/cat /etc/telmess)& *soda.csua.berkeley.edu unknown 1996/03/15 04:12:42 in.telnetd 7089 all twist soda.CSUA.Berkeley.EDU to (/bin/cat /etc/telmess)& *soda.csua.berkeley.edu unknown 1996/03/15 06:16:42 in.telnetd 13945 all twist soda.CSUA.Berkeley.EDU to (/bin/cat /etc/telmess)&
*** Host uclink.berkeley.edu has exceeded detection threshold: host total = 23 *uclink.berkeley.edu unknown 1996/03/13 16:31:47 in.telnetd 4640 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/13 16:36:47 in.telnetd 5142 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/13 17:21:08 in.telnetd 9003 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/13 17:21:22 in.telnetd 9031 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/13 17:33:00 in.telnetd 10006 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 00:43:44 in.telnetd 17128 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:34:49 in.telnetd 20679 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:35:51 in.telnetd 20772 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:35:55 in.telnetd 20799 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:36:43 in.telnetd 20860 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:37:16 in.telnetd 20921 all refused connect from uclink.Berkeley.EDU .uclink.berkeley.edu unknown 1996/03/14 01:37:41 in.thttpd 20956 all twist uclink.Berkeley.EDU to /usr/etc/in.thttpd uclink.Berkeley.EDU unknown *uclink.berkeley.edu unknown 1996/03/14 01:37:47 in.telnetd 20971 all refused connect from uclink.Berkeley.EDU .uclink.berkeley.edu unknown 1996/03/14 01:38:23 thttpd 20956 all cat /index.html *uclink.berkeley.edu unknown 1996/03/14 01:38:44 in.telnetd 21075 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:40:15 in.telnetd 21221 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:40:51 in.telnetd 21281 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:41:02 in.telnetd 21295 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 01:44:00 in.telnetd 21545 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 03:53:43 in.telnetd 566 all refused connect from uclink.Berkeley.EDU .uclink.berkeley.edu unknown 1996/03/14 13:46:14 in.fingerd 12389 all connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/14 13:46:32 in.telnetd 12409 all twist uclink.Berkeley.EDU to (/bin/cat /etc/telmessage)& *uclink.berkeley.edu unknown 1996/03/14 23:08:03 in.telnetd 20277 all twist uclink.Berkeley.EDU to (/bin/cat /etc/telmess)& *uclink.berkeley.edu unknown 1996/03/15 04:15:57 in.telnetd 7303 all twist uclink.Berkeley.EDU to (/bin/cat /etc/telmess)& *uclink.berkeley.edu unknown 1996/03/15 17:45:54 in.telnetd 2862 all refused connect from uclink.Berkeley.EDU *uclink.berkeley.edu unknown 1996/03/15 22:21:09 in.telnetd 22750 all twist uclink.Berkeley.EDU to (/bin/cat /etc/telmess)&
*** Host pentell.hip.berkeley.edu has exceeded detection threshold: host total = 4 .pentell.hip.berkeley.edu unknown 1996/03/14 19:00:48 in.fingerd 3571 all connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:01:43 in.thttpd 3620 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:01:43 thttpd 3620 all cat /index.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:01:49 in.thttpd 3638 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:01:49 thttpd 3638 all cat /allnet.gif .pentell.hip.berkeley.edu unknown 1996/03/14 19:02:19 in.thttpd 3666 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:02:19 thttpd 3666 all cat /readonly.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:03:10 in.thttpd 3718 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:03:11 thttpd 3718 all cat /admin/downtime.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:03:51 in.thttpd 3769 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:03:51 thttpd 3769 all cat /ips/index.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:05:09 in.thttpd 3845 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:05:09 thttpd 3845 all cat /ips/audit.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:05:58 in.thttpd 3932 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:05:58 thttpd 3932 all cat /ips/vts.html .pentell.hip.berkeley.edu unknown 1996/03/14 19:06:14 in.thttpd 3967 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.thttpd pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:06:14 thttpd 3967 all cat /tests/index.html
*pentell.hip.berkeley.edu unknown 1996/03/14 19:07:11 in.ftpd 4067 all refused connect from pentell.HIP.Berkeley.EDU *pentell.hip.berkeley.edu unknown 1996/03/14 19:07:24 in.readonly 4088 all twist pentell.HIP.Berkeley.EDU to /usr/etc/in.readonly pentell.HIP.Berkeley.EDU unknown .pentell.hip.berkeley.edu unknown 1996/03/14 19:07:26 thttpd 4088 all ls *pentell.hip.berkeley.edu unknown 1996/03/14 19:07:49 in.telnetd 4125 all twist pentell.HIP.Berkeley.EDU to (/bin/cat /etc/telmessage)& .pentell.hip.berkeley.edu unknown 1996/03/14 19:08:18 in.identd 4170 all connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:08:26 in.identd 4190 all connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:16:06 sendmail 4657 all connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:16:42 sendmail 4699 all connect from pentell.HIP.Berkeley.EDU *pentell.hip.berkeley.edu unknown 1996/03/14 19:18:41 in.rlogind 4811 all refused connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:18:44 in.identd 4829 all connect from pentell.HIP.Berkeley.EDU .pentell.hip.berkeley.edu unknown 1996/03/14 19:18:51 in.identd 4839 all connect from pentell.HIP.Berkeley.EDU
*** Host godzilla.eecs.berkeley.edu has exceeded detection threshold: host total = 4 .godzilla.eecs.berkeley.edu danh 1996/03/13 16:40:30 thttpd 5469 all cat /index.html .godzilla.eecs.berkeley.edu danh 1996/03/13 16:40:30 in.thttpd 5469 all twist danh@godzilla.EECS.Berkeley.EDU to /usr/etc/in.thttpd godzilla.EECS.Berkeley.EDU danh .godzilla.eecs.berkeley.edu unknown 1996/03/13 16:40:50 in.redirect 5502 all connect from godzilla.EECS.Berkeley.EDU ... .godzilla.eecs.berkeley.edu danh 1996/03/13 16:44:36 thttpd 5843 all cat /refs/Boorman88.html *godzilla.eecs.berkeley.edu kenji 1996/03/14 03:43:15 in.telnetd 29717 all refused connect from kenji@godzilla.EECS.Berkeley.EDU .godzilla.eecs.berkeley.edu unknown 1996/03/14 03:43:48 in.identd 29777 all connect from godzilla.EECS.Berkeley.EDU .godzilla.eecs.berkeley.edu unknown 1996/03/14 03:45:21 sendmail 29901 all connect from godzilla.EECS.Berkeley.EDU ... .godzilla.eecs.berkeley.edu danh 1996/03/14 17:48:49 in.thttpd 28690 all twist danh@godzilla.EECS.Berkeley.EDU to /usr/etc/in.thttpd godzilla.EECS.Berkeley.EDU danh .godzilla.eecs.berkeley.edu danh 1996/03/14 17:48:49 thttpd 28690 all cat /progver.html *godzilla.eecs.berkeley.edu agee 1996/03/14 18:21:51 in.telnetd 890 all twist agee@godzilla.EECS.Berkeley.EDU to (/bin/cat /etc/telmessage)& .godzilla.eecs.berkeley.edu unknown 1996/03/14 18:22:27 in.identd 954 all connect from godzilla.EECS.Berkeley.EDU .godzilla.eecs.berkeley.edu danh 1996/03/17 02:02:20 thttpd 14546 all cat /index.html .godzilla.eecs.berkeley.edu danh 1996/03/17 02:02:20 in.thttpd 14546 all twist danh@godzilla.EECS.Berkeley.EDU to /usr/etc/in.thttpd godzilla.EECS.Berkeley.EDU danh .godzilla.eecs.berkeley.edu danh 1996/03/17 02:02:29 thttpd 14563 all cat /products/index.html .godzilla.eecs.berkeley.edu danh 1996/03/17 02:02:29 in.thttpd 14563 all twist danh@godzilla.EECS.Berkeley.EDU to /usr/etc/in.thttpd godzilla.EECS.Berkeley.EDU danh .godzilla.eecs.berkeley.edu danh 1996/03/17 02:03:08 in.thttpd 14607 all twist danh@godzilla.EECS.Berkeley.EDU to /usr/etc/in.thttpd godzilla.EECS.Berkeley.EDU danh .godzilla.eecs.berkeley.edu danh 1996/03/17 02:03:09 thttpd 14607 all cat /products/otp.html *godzilla.eecs.berkeley.edu unknown 1996/03/17 02:54:13 in.ftpd 17867 all refused connect from godzilla.EECS.Berkeley.EDU *godzilla.eecs.berkeley.edu manoj 1996/03/17 02:54:27 in.telnetd 17885 all twist manoj@godzilla.EECS.Berkeley.EDU to (/bin/cat /etc/telmess)& .godzilla.eecs.berkeley.edu unknown 1996/03/17 02:55:00 in.identd 17944 all connect from godzilla.EECS.Berkeley.EDU
*** Network net.berkeley.edu has exceeded detection threshold: net total = 67 *madrone.cs.berkeley.edu unknown 1996/03/13 16:05:54 in.telnetd 1946 all refused connect from madrone.CS.Berkeley.EDU .madrone.cs.berkeley.edu unknown 1996/03/13 16:29:20 thttpd 4406 all cat /index.html .madrone.cs.berkeley.edu unknown 1996/03/13 16:29:20 in.thttpd 4406 all twist madrone.CS.Berkeley.EDU to /usr/etc/in.thttpd madrone.CS.Berkeley.EDU unknown ... .madrone.cs.berkeley.edu unknown 1996/03/13 16:30:56 in.thttpd 4567 all twist madrone.CS.Berkeley.EDU to /usr/etc/in.thttpd madrone.CS.Berkeley.EDU unknown .uclink4.berkeley.edu unknown 1996/03/13 16:33:10 in.identd 4786 all connect from uclink4.Berkeley.EDU *othello.sph.berkeley.edu unknown 1996/03/13 16:34:02 in.telnetd 4881 all refused connect from othello.SPH.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/13 16:38:04 in.identd 5268 all connect from uclink4.Berkeley.EDU .madrone.cs.berkeley.edu unknown 1996/03/13 16:42:02 in.thttpd 5612 all twist madrone.CS.Berkeley.EDU to /usr/etc/in.thttpd madrone.CS.Berkeley.EDU unknown .madrone.cs.berkeley.edu unknown 1996/03/13 16:42:03 thttpd 5612 all cat /hudsonoh/index.html .madrone.cs.berkeley.edu unknown 1996/03/13 16:47:45 sendmail 6103 all connect from madrone.CS.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/13 17:22:26 in.identd 9161 all connect from uclink4.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/13 17:22:38 in.identd 9174 all connect from uclink4.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/13 17:33:55 in.identd 10089 all connect from uclink4.Berkeley.EDU .oceanus.cs.berkeley.edu unknown 1996/03/13 18:10:04 in.fingerd 13020 all connect from oceanus.CS.Berkeley.EDU *franklin.cs.berkeley.edu 9918 1996/03/13 19:19:08 in.telnetd 20570 all refused connect from 9918@franklin.CS.Berkeley.EDU .haas.berkeley.edu unknown 1996/03/13 19:23:03 in.identd 20900 all connect from haas.Berkeley.EDU .millay.cs.berkeley.edu unknown 1996/03/13 21:33:49 in.thttpd 3099 all twist millay.CS.Berkeley.EDU to /usr/etc/in.thttpd millay.CS.Berkeley.EDU unknown ... .millay.cs.berkeley.edu 25294 1996/03/13 21:57:13 in.thttpd 4961 all twist 25294@millay.CS.Berkeley.EDU to /usr/etc/in.thttpd millay.CS.Berkeley.EDU 25294 .millay.cs.berkeley.edu 25294 1996/03/13 21:57:42 in.thttpd 5001 all twist 25294@millay.CS.Berkeley.EDU to /usr/etc/in.thttpd millay.CS.Berkeley.EDU 25294 .millay.cs.berkeley.edu 25294 1996/03/13 21:57:42 thttpd 5001 all cat /tests/testsuite.html *scam.xcf.berkeley.edu unknown 1996/03/13 21:57:55 in.telnetd 5023 all refused connect from scam.XCF.Berkeley.EDU .brunello.cs.berkeley.edu unknown 1996/03/13 22:00:25 thttpd 5220 all cat /index.html ... .broken.hip.berkeley.edu unknown 1996/03/13 22:07:25 thttpd 5805 all cat /readonly.html .broken.hip.berkeley.edu unknown 1996/03/13 22:07:25 in.thttpd 5805 all twist broken.HIP.Berkeley.EDU to /usr/etc/in.thttpd broken.HIP.Berkeley.EDU unknown *noah.cs.berkeley.edu unknown 1996/03/13 22:10:05 in.telnetd 6016 all refused connect from noah.CS.Berkeley.EDU .scam.xcf.berkeley.edu unknown 1996/03/13 22:10:48 sendmail 6088 all connect from scam.XCF.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/14 00:44:38 in.identd 17200 all connect from uclink4.Berkeley.EDU ... .chianti.cs.berkeley.edu unknown 1996/03/14 01:42:07 thttpd 21402 all cat /admin/downtime.html .chianti.cs.berkeley.edu unknown 1996/03/14 01:42:07 in.thttpd 21402 all twist chianti.CS.Berkeley.EDU to /usr/etc/in.thttpd chianti.CS.Berkeley.EDU unknown .uclink4.berkeley.edu unknown 1996/03/14 01:42:09 in.identd 21413 all connect from uclink4.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/14 01:42:13 in.identd 21426 all connect from uclink4.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/14 01:44:55 in.identd 21634 all connect from uclink4.Berkeley.EDU *fhe35.reshall.berkeley.edu unknown 1996/03/14 02:23:11 in.telnetd 24265 all refused connect from fhe35.ResHall.Berkeley.EDU *fhe35.reshall.berkeley.edu unknown 1996/03/14 02:23:38 in.telnetd 24316 all refused connect from fhe35.ResHall.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/14 03:54:42 in.identd 649 all connect from uclink4.Berkeley.EDU *gwythaint.hip.berkeley.edu unknown 1996/03/14 13:07:14 in.telnetd 9796 all twist gwythaint.HIP.Berkeley.EDU to (/bin/cat /etc/telmessage)& .gwythaint.hip.berkeley.edu unknown 1996/03/14 13:08:17 in.identd 9877 all connect from gwythaint.HIP.Berkeley.EDU .uclink4.berkeley.edu unknown 1996/03/14 13:47:55 in.identd 12516 all connect from uclink4.Berkeley.EDU .cranach.cs.berkeley.edu 25470 1996/03/14 13:51:06 in.thttpd 12718 all twist 25470@cranach.CS.Berkeley.EDU to /usr/etc/in.thttpd cranach.CS.Berkeley.EDU 25470 .cranach.cs.berkeley.edu 25470 1996/03/14 13:51:06 thttpd 12718 all cat /index.html .beer.csua.berkeley.edu unknown 1996/03/14 14:27:21 in.thttpd 15041 all twist beer.CSUA.Berkeley.EDU to /usr/etc/in.thttpd beer.CSUA.Berkeley.EDU unknown .beer.csua.berkeley.edu unknown 1996/03/14 14:27:22 thttpd 15041 all cat /admin/downtime.html *monsoon.berkeley.edu ahm 1996/03/14 18:25:25 in.telnetd 1162 all twist ahm@monsoon.Berkeley.EDU to (/bin/cat /etc/telmessage)& .monsoon.berkeley.edu unknown 1996/03/14 18:25:55 in.identd 1205 all connect from monsoon.Berkeley.EDU *alumni.eecs.berkeley.edu vchang 1996/03/14 18:33:32 in.telnetd 1793 all twist vchang@alumni.EECS.Berkeley.EDU to (/bin/cat /etc/telmessage)& .alumni.eecs.berkeley.edu unknown 1996/03/14 18:34:11 in.identd 1883 all connect from alumni.EECS.Berkeley.EDU .estienne.cs.berkeley.edu 9800 1996/03/14 19:11:02 in.thttpd 4342 all twist 9800@estienne.CS.Berkeley.EDU to /usr/etc/in.thttpd estienne.CS.Berkeley.EDU 9800 ... .brunello.cs.berkeley.edu unknown 1996/03/15 08:01:48 in.thttpd 19319 all twist brunello.CS.Berkeley.EDU to /usr/etc/in.thttpd brunello.CS.Berkeley.EDU unknown .brunello.cs.berkeley.edu unknown 1996/03/15 08:01:48 thttpd 19319 all cat /allnet.gif .estienne.cs.berkeley.edu 9800 1996/03/15 17:23:05 in.thttpd 1293 all twist 9800@estienne.CS.Berkeley.EDU to /usr/etc/in.thttpd estienne.CS.Berkeley.EDU 9800 .estienne.cs.berkeley.edu 9800 1996/03/15 17:23:08 thttpd 1293 all cat /journal/netsec/audits/intent2.html *sushi.hip.berkeley.edu unknown 1996/03/15 20:50:36 in.telnetd 16627 all twist sushi.HIP.Berkeley.EDU to (/bin/cat /etc/telmess)& .sushi.hip.berkeley.edu unknown 1996/03/15 20:52:06 sendmail 16726 all connect from sushi.HIP.Berkeley.EDU ...
I finally got an administrator from UCB on the phone and by Saturday the 16th the attempts were completely halted. They asked us to update this document to reflect that they did eventually act to mitigate the situation and that they don't condone this sort of behavior.
*** Host 198.133.170.253 has exceeded detection threshold: host total = 31 *198.133.170.253 unknown 1996/03/13 19:56:33 in.telnetd 24601 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:01:45 in.telnetd 25009 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:02:01 in.telnetd 25046 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:03:02 in.telnetd 25138 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:03:57 in.telnetd 25228 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:08:58 in.telnetd 25630 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:13:57 in.telnetd 26141 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:18:57 in.telnetd 26542 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:23:57 in.telnetd 26930 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:28:57 in.telnetd 27317 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:33:57 in.telnetd 27715 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:38:55 in.telnetd 28108 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:43:56 in.telnetd 28499 all refused connect from 198.133.170.253 *198.133.170.253 unknown 1996/03/13 20:48:56 in.telnetd 28890 all refused connect from 198.133.170.253 ... *198.133.170.253 unknown 1996/03/13 22:10:07 in.telnetd 6022 all refused connect from 198.133.170.253
The people given notice, just like some others who were not, purposely telnetted into this site to trigger a response. These are not innocents. They are malicious. They know they are doing something they are not supposed to be doing and they continue anyway.
They are given notice, but they continue. They break into sites to cover their tracks. They write programs to carry out their attacks.
Mar 14 23:46:11 all in.thttpd[22685]: twist fully.organic.com to /usr/etc/in.thttpd fully.organic.com unknown Mar 14 23:46:19 all in.thttpd[22694]: twist fully.organic.com to /usr/etc/in.thttpd fully.organic.com unknown Mar 14 23:46:46 all in.thttpd[22716]: twist fully.organic.com to /usr/etc/in.thttpd fully.organic.com unknown Mar 14 23:53:00 all in.telnetd[23097]: twist fully.organic.com to (/bin/cat /etc/telmess)& Mar 14 23:58:12 all in.thttpd[23456]: twist fully.organic.com to /usr/etc/in.thttpd fully.organic.com unknown fully.organic.com unknown 1996/03/14 23:46:11 22686 22685 cat /index.html fully.organic.com unknown 1996/03/14 23:46:19 22695 22694 cat /allnet.gif fully.organic.com unknown 1996/03/14 23:46:51 22717 22716 cat /journal/netsec/9604.html fully.organic.com unknown 1996/03/14 23:58:13 23457 23456 cat /readonly.html
*** Host dyn1193a.dialin.rad.net.id has exceeded detection threshold: host total = 7 *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:10:52 in.telnetd 13997 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:11:12 in.telnetd 14029 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:16:43 in.telnetd 14403 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:19:37 in.telnetd 14588 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:20:02 in.telnetd 14616 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:21:50 in.telnetd 14734 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)& *dyn1193a.dialin.rad.net.id unknown 1996/03/15 20:24:08 in.telnetd 14887 all twist dyn1193a.dialin.rad.net.id to (/bin/cat /etc/telmess)&
*** Host max1-dyn15.mindspring.com has exceeded detection threshold: host total = 4 *max1-dyn15.mindspring.com unknown 1996/03/13 15:48:26 in.telnetd 29724 all refused connect from max1-dyn15.mindspring.com *max1-dyn15.mindspring.com unknown 1996/03/13 15:49:52 in.telnetd 29881 all refused connect from max1-dyn15.mindspring.com *max1-dyn15.mindspring.com unknown 1996/03/13 15:50:18 in.telnetd 29936 all refused connect from max1-dyn15.mindspring.com *max1-dyn15.mindspring.com unknown 1996/03/13 15:50:39 in.telnetd 29985 all refused connect from max1-dyn15.mindspring.com *** Host ding.mindspring.com has exceeded detection threshold: host total = 6 *ding.mindspring.com unknown 1996/03/13 11:31:10 in.telnetd 1778 all refused connect from ding.mindspring.com *ding.mindspring.com unknown 1996/03/13 11:31:19 in.telnetd 1806 all refused connect from ding.mindspring.com *ding.mindspring.com unknown 1996/03/13 12:29:18 in.telnetd 8045 all refused connect from ding.mindspring.com *ding.mindspring.com unknown 1996/03/13 12:29:31 in.telnetd 8084 all refused connect from ding.mindspring.com *ding.mindspring.com unknown 1996/03/13 12:29:36 in.telnetd 8099 all refused connect from ding.mindspring.com *ding.mindspring.com unknown 1996/03/16 09:54:08 in.telnetd 8754 all twist ding.mindspring.com to (/bin/cat /etc/telmess)& ding.mindspring.com unknown 1996/03/16 15:37:52 in.fingerd 2042 all connect from ding.mindspring.com *** Network mindspring.com has exceeded detection threshold: net total = 21 *max1-dyn21.mindspring.com unknown 1996/03/15 23:04:01 in.telnetd 25648 all twist max1-dyn21.mindspring.com to (/bin/cat /etc/telmess)& *max1-dyn21.mindspring.com unknown 1996/03/15 23:04:14 in.telnetd 25659 all twist max1-dyn21.mindspring.com to (/bin/cat /etc/telmess)& *max1-dyn21.mindspring.com unknown 1996/03/15 23:05:53 in.telnetd 25801 all twist max1-dyn21.mindspring.com to (/bin/cat /etc/telmess)& *max1-dyn34.mindspring.com unknown 1996/03/16 00:19:28 in.telnetd 832 all twist max1-dyn34.mindspring.com to (/bin/cat /etc/telmess)& *max1-dyn34.mindspring.com unknown 1996/03/16 00:19:42 in.telnetd 873 all twist max1-dyn34.mindspring.com to (/bin/cat /etc/telmess)& max1-dyn36.mindspring.com unknown 1996/03/13 17:03:15 in.redirect 7437 all connect from max1-dyn36.mindspring.com max1-dyn36.mindspring.com unknown 1996/03/13 17:03:21 in.thttpd 7438 all twist max1-dyn36.mindspring.com to /usr/etc/in.thttpd max1-dyn36.mindspring.com unknown max1-dyn36.mindspring.com unknown 1996/03/13 17:03:22 thttpd 7438 all cat /index.html ...
*max1-dyn6.mindspring.com unknown 1996/03/13 15:31:13 in.telnetd 26914 all refused connect from max1-dyn6.mindspring.com *max1-dyn6.mindspring.com unknown 1996/03/13 15:40:46 in.telnetd 28570 all refused connect from max1-dyn6.mindspring.com *max1-dyn6.mindspring.com unknown 1996/03/13 15:40:58 in.telnetd 28643 all refused connect from max1-dyn6.mindspring.com *max1-dyn39.mindspring.com unknown 1996/03/13 11:37:14 in.telnetd 2493 all refused connect from max1-dyn39.mindspring.com ... java.mindspring.com unknown 1996/03/16 12:34:26 in.thttpd 19560 all twist java.mindspring.com to /usr/etc/in.thttpd java.mindspring.com unknown ...
java.mindspring.com unknown 1996/03/16 12:52:55 in.thttpd 20790 all twist java.mindspring.com to /usr/etc/in.thttpd java.mindspring.com unknown java.mindspring.com unknown 1996/03/16 12:52:55 thttpd 20790 all cat /journal/netsec/audits/afternoon.html *java.mindspring.com unknown 1996/03/16 12:53:15 in.telnetd 20816 all twist java.mindspring.com to (/bin/cat /etc/telmess)& borg.mindspring.com unknown 1996/03/13 11:36:28 sendmail 2409 all connect from borg.mindspring.com borg.mindspring.com unknown 1996/03/13 11:36:52 sendmail 2459 all connect from borg.mindspring.com borg.mindspring.com unknown 1996/03/13 12:13:40 sendmail 6444 all connect from borg.mindspring.com borg.mindspring.com unknown 1996/03/13 12:35:23 sendmail 8730 all connect from borg.mindspring.com irish.mindspring.com unknown 1996/03/17 10:34:46 in.thttpd 17147 all twist irish.mindspring.com to /usr/etc/in.thttpd irish.mindspring.com unknown irish.mindspring.com unknown 1996/03/17 10:35:07 thttpd 17147 all cat /books/iwar/disrupt.html *blalock.mindspring.com unknown 1996/03/16 01:13:57 in.telnetd 4525 all twist blalock.mindspring.com to (/bin/cat /etc/telmess)& ...
Date: Mon, 18 Mar 96 17:32:04 EST To: fc@all.net Subject: breakin Hi There is a http site being distributed publicly and being spred arround. Yes some one is playing a joke on your site which is kind of sad. Here is the site you can take a look at and probably do something about it. I would be pissed about it too. "http://www.shorty.com/[details witheld]" This might help you solve a part of your problem
% traceroute www.shorty.com traceroute to widow.mindspring.com (204.180.128.20), 30 hops max, 40 byte packets ...
The URL has a link for "hackers" to "hack into" our computer, and when they press on the link, it causes their browser to telnet into our site. The information contained in the page on the attack that exploits Web browsers is also false and misleading, however the page does assert that it is satire.
The administrators at Mindspring are helping us out with this and Mindspring seem to be a responsible company that got caught in the middle.
Total records = 17539 ignored 16461 and used 1078 (6.14630252579965%) <<=== End:Done crossmatching audit files. ==================================================== Tracer done - Mon Mar 18 10:44:02 EST 1996 ====================================================
3/27-05:45:30-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:35-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:39-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:45-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:50-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:55-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:45:59-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:46:06-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-05:46:10-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) ... 3/27-06:20:31-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:20:36-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:20:41-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:20:46-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:20:51-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:20:56-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:21:06-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:21:11-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) 3/27-06:21:17-153 tcp 204.7.229.1/telnet <- 193.124.65.96/4072 44 syn !pass(11) ...