× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



so now you can check the http logs to see what they are looking for.

I have seen "them" looking for open proxies and frontpage extension hacks as well as some know web application security holes.

Bryan

albartell said the following on 9/7/2007 9:33 AM:
Here are the variety of ports trying to be hit:

8000 (expected - this is for SystemiNetwork articles)
80 (expected - this is for my "main" apache server instance)

So I guess it looks like I am safe (wiping head).

Thanks Bryan,
Aaron Bartell
http://mowyourlawn.com

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bryan Dietz
Sent: Friday, September 07, 2007 8:07 AM
To: Midrange Systems Technical Discussion
Subject: Re: Someone hacking my i5?

Press F-1 on the message. It will show the from/to ports.

That will help determine what server they are trying to hit.

Bryan

albartell said the following on 9/7/2007 8:33 AM:
I was doing a DSPMSG QSYSOPR today and noticed some messages I am not used to seeing and was curious to know if anybody might know where they are coming from.
TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 125.65.112.108 closed, reason code 2.
TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 38.98.163.9 closed, reason code 2. ...

Reason codes and their meanings follow:

2 = TCP connection closed due to R2 retry threshold being run.


None of those IP addresses are from my LAN/WAN (obviously).

Thanks,
Aaron Bartell
http://mowyourlawn.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.