Re: Someone hacking my i5?

so now you can check the http logs to see what they are looking for.

I have seen "them" looking for open proxies and frontpage extension hacks as well as some know web application security holes.

Bryan

albartell said the following on 9/7/2007 9:33 AM:

Here are the variety of ports trying to be hit:

8000 (expected - this is for SystemiNetwork articles)
80 (expected - this is for my "main" apache server instance)

So I guess it looks like I am safe (wiping head).

Thanks Bryan,
Aaron Bartell
http://mowyourlawn.com

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bryan Dietz
Sent: Friday, September 07, 2007 8:07 AM
To: Midrange Systems Technical Discussion
Subject: Re: Someone hacking my i5?

Press F-1 on the message. It will show the from/to ports.

That will help determine what server they are trying to hit.

Bryan

albartell said the following on 9/7/2007 8:33 AM:

I was doing a DSPMSG QSYSOPR today and noticed some messages I am not used to seeing and was curious to know if anybody might know where they are coming from.
TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 125.65.112.108 closed, reason code 2.
TCP/IP connection to remote system 222.216.28.135 closed, reason code 2.
TCP/IP connection to remote system 38.98.163.9 closed, reason code 2. ...

Reason codes and their meanings follow:

2 = TCP connection closed due to R2 retry threshold being run.

None of those IP addresses are from my LAN/WAN (obviously).

Thanks,
Aaron Bartell
http://mowyourlawn.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.