[BlueOnyx:06036] Re: cced attack?
INDYTECH
obata at indytech.jp
Mon Dec 6 02:03:06 -05 2010
Hi, Greg.
> This is not an attack. It is related to pam_abl - deleting
> and re-creating blocklist entries in the CCE database. Normal
> behaviour from a cron job.
Thaks for your information.
It was relieved.
Thanks,
obata
> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it
> [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Greg Kuhnert
> Sent: Monday, December 06, 2010 3:51 PM
> To: blueonyx at blueonyx.it
> Subject: [BlueOnyx:06035] Re: cced attack?
>
> On 6/12/2010 4:16 PM, INDYTECH wrote:
> > Hi,
> >
> > Today, our BOserver recieving attack, using cced.
> >
> > Everybody's BO servers are OK?
> >
> > And please let me know How to blocking these access.
> >
> > Thanks,
> >
> > obata
> >
> >
> > Our BO server /var/log/messages (bo03 is our BO server host name)
> >
> > Dec 6 14:00:01 bo03 cced(smd)[3851]: LOCKDEBUG: Locked
> file (null):
> > File exists Dec 6 14:00:01 bo03 cced(smd)[3851]: client
> 0:[0:3849]:
> > DESTROY succeeded Dec 6 14:00:01 bo03 cced(smd)[3851]: client
> > 0:[0:3849]: DESTROY 104 Dec 6 14:00:01 bo03 cced(smd)[3851]:
> > LOCKDEBUG: Locked file (null): File
>
> This is not an attack. It is related to pam_abl - deleting
> and re-creating blocklist entries in the CCE database. Normal
> behaviour from a cron job.
>
> Regards,
> Greg.
>
> --
> +-------------------------------------------------------------
> --------+
> | / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au
> |
> |< o> Compass Networks - Pointing you in the right direction |
> | \ / Come see us for BlueQuartz / BlueOnyx modules&
> Support. |
> +-------------------------------------------------------------
> --------+
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at blueonyx.it
> http://www.blueonyx.it/mailman/listinfo/blueonyx
>
More information about the Blueonyx
mailing list