[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible Hacker Warning

To: "Ralph E. Wild" <rewild@attglobal.net>
Subject: Re: Possible Hacker Warning
From: Wayne Schlitt <wayne@midwestcs.com>
Date: 04 Feb 2001 18:30:24 -0600
Cc: Multiple recipients of list <radsafe@romulus.ehs.uiuc.edu>
In-Reply-To: "Ralph E. Wild"'s message of "Sun, 4 Feb 2001 17:33:57 -0600 (CST)"
References: <x4elxhoath.fsf@backbone.midwestcs.com> <x4k877m8by.fsf@backbone.midwestcs.com> <x4hf2bm1mi.fsf@backbone.midwestcs.com> <3A7DE415.6080106@attglobal.net>

In <3A7DE415.6080106@attglobal.net> "Ralph E. Wild" <rewild@attglobal.net> writes:

> Earlier today, I followed a link from RADSAFE to the webpage on radium 
> watch dials mentioned by Wayne Schlitt.  Mr. Schlitt email and webpage 
> domain are midwestcs.com.  I have just discovered that my firewall has 
> been blocking attempts to attack to auth port on my system ever since.  
> These attacks have been occurring essentially continuously since I first 
> accessed his page at www.midwestcs.com.  The corresponding IP address is 
> 206.222.212.234.
> 
> I am not necessarily accusing Mr. Shlitt himself of intent to do harm 
> but I would suggest extreme caution in accessing his webpage.

Hello

Yes, midwestcs.com is my site, and that is my IP address.

First, I would like to assure everyone that I do not run a hacker
site, nor anything of the sort.  I will confess that I have had one
(1) other person complain about a similar situation last year, and I
will certainly look into it.

The "auth" port, also know as the identd server is used to verify a
users identity.  Its usage is defined in rfc1413, which can be found
on the Internet Engineering Task Force website at
http://www.ietf.org/rfc/rfc1413.txt

I run pretty much a stock Apache webserver.  My web pages are very
simple, they don't use cookies, java, javascript, webbugs or any of
the other things that many sites use to track people.  To be quite
honest, I don't know why apache would be using the inetd/auth service,
nor do I quite know how to turn it off.

> Never thought I would be glad to have a dynamic IP address myself - 
> about to disconnect and reconnect to put an end to this.

I'm not sure what problem you are seeing on your end, the previous
report mentioned that there were numerous messages to his syslog.  I
would appreciate any information that you could provide, although I
guess I could understand not wanting to talk with me.

Geez, first I ask some dumb questions, then my website goes down, now
something is happening to cause a problem to you.  I guess I haven't
made a very smooth entry into the radsafe world. :-/

-wayne
************************************************************************
The RADSAFE Frequently Asked Questions list, archives and subscription
information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html

References:
- Radium on watch dials
  - From: Wayne Schlitt <wayne@midwestcs.com>
- Re: Radium on watch dials
  - From: Wayne Schlitt <wayne@midwestcs.com>
- Re: Radium on watch dials
  - From: Wayne Schlitt <wayne@midwestcs.com>
- Possible Hacker Warning
  - From: "Ralph E. Wild" <rewild@attglobal.net>

Prev by Date: Possible Hacker Warning
Next by Date: Re: Possible Hacker Warning
Prev by thread: Possible Hacker Warning
Next by thread: Re: Possible Hacker Warning
Index(es):
- Date
- Thread