Hi Mingchao,
I've been in contact with a guy I know in Poland and he can confirm that
all Polish sites have seen this same behvaiour from theplanet.
He also notes that the scanning frequency has recently changed from ~2
hours to 8 hours.
Cheers,
Greig
On 31/07/08 14:58, Ma, M (Mingchao) wrote:
> Hi Greig,
>
> I am following it up and request sites to check their system log, firewall
> log apart from SE log. It is very common that external face hosts are
> constantly being scanned (hostile scanning). It would be helpful that sites
> can correlate different logs to better understand the attacking pattern. SRM
> has web interface (soap over https at port: 8443), normally web application
> is a easier target so I am not surprised of the scanning/probing. We need to
> understand more before I can report it to OSCT.
>
> BTW. Jeremy has sent an email to the ISP.
>
> Cheers,
>
> Mingchao
>
>
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Greig A. Cowan
> Sent: 31 July 2008 14:46
> To: [log in to unmask]
> Subject: SE probing/scanning incident
>
> Hi all,
>
> I sent an email to the dpm-user-forum to report what we have been seegin in
> relation to the SE probing/scanning incident that was raised yesterday. So
> far, 4 non-UK sites have replied to confirm that they are seeing similar
> entries in their DPM logs as we have in the UK.
>
> Mingchao: Can this issue be raised with the LCG security group?
>
> Cheers,
> Greig
>
> --
> The University of Edinburgh is a charitable body, registered in Scotland,
> with registration number SC005336.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
|