Hi Greig,
I am following it up and request sites to check their system log, firewall
log apart from SE log. It is very common that external face hosts are
constantly being scanned (hostile scanning). It would be helpful that sites
can correlate different logs to better understand the attacking pattern. SRM
has web interface (soap over https at port: 8443), normally web application
is a easier target so I am not surprised of the scanning/probing. We need to
understand more before I can report it to OSCT.
BTW. Jeremy has sent an email to the ISP.
Cheers,
Mingchao
-----Original Message-----
From: Testbed Support for GridPP member institutes
[mailto:[log in to unmask]] On Behalf Of Greig A. Cowan
Sent: 31 July 2008 14:46
To: [log in to unmask]
Subject: SE probing/scanning incident
Hi all,
I sent an email to the dpm-user-forum to report what we have been seegin in
relation to the SE probing/scanning incident that was raised yesterday. So
far, 4 non-UK sites have replied to confirm that they are seeing similar
entries in their DPM logs as we have in the UK.
Mingchao: Can this issue be raised with the LCG security group?
Cheers,
Greig
--
The University of Edinburgh is a charitable body, registered in Scotland,
with registration number SC005336.
|