What are these log entrys?
Looks like a Sub7 probe/connection attempts from a Washinton area
@home account and from Northern Arizona University.
ports 1243 and 27374 are definately default ports for
two different versions of the Sub7 trojan horse, only works
against Win98/NT(?) machines infected with the trojan client.
I get probes for these two ports almost daily.
^^^^
This one is from a fellow @home user (24.12.247.8). Pass your logs onto
ab...@home.com as portscanning and unauthorized access to
remote systems is a violation of @home's AUP.
from http://www.home.com/support/aup/
"The Services may not be used to breach the security of another user or to
attempt to gain access to any other person's computer, software or data,
without the knowledge and consent of such person. They also may not be used
in any attempt to circumvent the user authentication or security of any
host, network, or account. This includes, but is not limited to, accessing
data not intended for you, logging into or making use of a server or account
you are not expressly authorized to access, or probing the security of other
networks. Use or distribution of tools designed for compromising security,
such as password guessing programs, cracking tools, packet sniffers or
network probing tools, is prohibited. "
====
For this one from 134.114.120.31, contact Chris.Mich...@NAU.EDU
^^^^
Northern Arizona University (NET-NAU-NET)
Flagstaff, AZ 86011
Netname: NAU-NET
Netnumber: 134.114.0.0
Coordinator:
Michels, Chris V (CVM-ARIN) Chris.Mich...@NAU.EDU
(520) 523-6495
..... if you wish to report this activity.
Not sure about these :
Feb 13 17:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Don