[BlueOnyx:06035] Re: cced attack?
Greg Kuhnert
gkuhnert at compassnetworks.com.au
Mon Dec 6 01:50:52 -05 2010
On 6/12/2010 4:16 PM, INDYTECH wrote:
> Hi,
>
> Today, our BO server is receiving an attack, using cced.
>
> Everybody's BO servers are OK?
>
> And please let me know how to block this access.
>
> Thanks,
>
> obata
>
>
> Our BO server /var/log/messages (bo03 is our BO server host name)
>
> Dec 6 14:00:01 bo03 cced(smd)[3851]: LOCKDEBUG: Locked file (null): File exists
> Dec 6 14:00:01 bo03 cced(smd)[3851]: client 0:[0:3849]: DESTROY succeeded
> Dec 6 14:00:01 bo03 cced(smd)[3851]: client 0:[0:3849]: DESTROY 104
> Dec 6 14:00:01 bo03 cced(smd)[3851]: LOCKDEBUG: Locked file (null): File
This is not an attack. It is related to pam_abl - deleting and
re-creating blocklist entries in the CCE database. Normal behaviour from
a cron job.
Regards,
Greg.
--
+---------------------------------------------------------------------+
| / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
|< o> Compass Networks - Pointing you in the right direction |
| \ / Come see us for BlueQuartz / BlueOnyx modules& Support. |
+---------------------------------------------------------------------+