Re: Possible Hacker Warning

[Wayne Schlitt <wayne@midwestcs.com>]

In <3A7DE415.6080106@attglobal.net> "Ralph E. Wild" <rewild@attglobal.net> writes:

> Earlier today, I followed a link from RADSAFE to the webpage on radium 
> watch dials mentioned by Wayne Schlitt.  Mr. Schlitt email and webpage 
> domain are midwestcs.com.  I have just discovered that my firewall has 
> been blocking attempts to attack to auth port on my system ever since.  
> These attacks have been occurring essentially continuously since I first 
> accessed his page at www.midwestcs.com.  The corresponding IP address is 
> 206.222.212.234.


While I don't have enough information to be certain, I think I have
figured out what was causing problems for Mr Wild.  Ironically, it was 
a anti-hacker detection program that I had installed which tries to
authenticate the identity of connections to my webserver.  Why it
would repeatedly try to query the auth port, I don't know.  Possibly
Mr Wild's firewall, which apparently doesn't like auth requests, was
returning information that confused this anti-hacker detection
program.  Whatever the reason, it shouldn't happen any more as I have
removed this program.


I provide information on my web server as a public service, not to
make other peoples lives difficult.  If Mr Wild or anyone else is
experiencing problems due to my web site, I would appreciate hearing
about it.


-wayne
************************************************************************
The RADSAFE Frequently Asked Questions list, archives and subscription
information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html