RE: User HELLO? -- MIDRANGE-L

Subject: RE: User HELLO?
From: "Ingvaldson, Scott" <Scott.Ingvaldson@xxxxxxxxxx>
Date: Tue, 3 Jan 2012 11:41:45 -0600
List-archive: <http://archive.midrange.com/midrange-l>
List-help: <mailto:midrange-l-request@midrange.com?subject=help>
List-id: Midrange Systems Technical Discussion <midrange-l.midrange.com>
List-post: <mailto:midrange-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@midrange.com?subject=unsubscribe>

Sounds like network penetration testing to me. Look for additional entries with user names like ANONYMOUS, GUEST or FTP. Our last pen test hit random (and some not so random) ports for about 30 minutes.

Of course the only real way to determine if this is "testing" or hacking is to trace the source and ask the culprit.

Regards,

Scott Ingvaldson
Senior IBM Support Specialist

-----Original Message-----
From: rob@xxxxxxxxx [mailto:rob@xxxxxxxxx]
Sent: Tuesday, January 03, 2012 9:58 AM
To: Midrange Systems Technical Discussion
Subject: Re: User HELLO?

Thanks. That helps. Column PWRADR returned 10.10.4.145 which NSLOOKUP
shows to be kdvl-qualys.dekko-1.

Now I'm back on the trail.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

Follow-Ups:

Re: User HELLO? , John Earl

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.