
Re: SC01 LDM problems -Re: Hack attempt? (fwd)



Hi Teresa,

As we suspected....

Actually it is well defined on the LDM install pages that port 388
is required for its operation, but obviously it would behoove us to
make it more prominent for the SuomiNet folks. I am working on it, just a
bit behind with the new baby and all...

I am not sure how I would work with him, he needs to open port 388 to our
subnet, or it won't work...pretty cut and dried.

Let me know if they have other questions,

-Jeff
____________________________                  _____________________
Jeff Weber                                    jweber@xxxxxxxx
Unidata Support                               PH:303-497-8676 
NWS-COMET Case Study Library                  FX:303-497-8690
University Corp for Atmospheric Research      3300 Mitchell Ln
http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000
________________________________________      ______________________

On Tue, 23 Oct 2001, Teresa Van Hove wrote:

> Jeff,
> 
> Seems like verification that NM tech is not allowing the ldm port (388)
> through their firewall.  Hopefully you, and Ken Minschwaner at NM tech
> can work with the sys admin folks there to allow port 388, at least to
> the ucar subnets (128.117.)   LDM access is part of the Suominet
> requirements; but the UNAVCO web pages describing this have not
> been crystal clear so it's not surprising that one of the suominet
> participants did not have port 388 allowed ahead of time.
> 
> Thanks
> Teresa
> 
> 
> 
>  Hunt wrote:
> > 
> > Ryan:  I am the systems admin in charge of the Suominet project and
> > the machine 128.117.29.216 (suomildm1.cosmic.ucar.edu).  Suominet is a
> > collection of GPS receivers and computers at various universities which
> > are managed by UCAR for the collection of atmospheric data.
> > 
> > Your machine (129.138.88.80, souminet.nmt.edu) is in our tables as one
> > of our Suominet client machines.  This means that we expect that this
> > machine is a unidata LDM client that should be giving us GPS data via
> > the LDM system.
> > I can't tell for sure, but the log snippet you gave seems to be normal
> > LDM traffic.
> > 
> > The name your machine resolves to (suominet.nmt.edu) seems to indicate
> > that you are part of Suominet.  The log you show seems to be from a
> > firewall?  I don't believe we have been getting data from your machine.
> > Perhaps your firewall has been rejecting our attempts to collect your
> > data.  If this is so, we would like to see these data!  Perhaps your
> > firewall restrictions could be eased to permit this.
> > 
> > Regards,
> > 
> >   Doug Hunt
> > 
> > Greg Woods wrote:
> > >
> > > Is this someone with whom you are attempting to exchange LDM data
> > > who doesn't know they are supposed to be doing this, or do you
> > > have a compromised machine?
> > >
> > > --Greg
> > >
> > > Forwarded message:
> > > >From RSnyder@xxxxxxxxxxxxx  Tue Oct 23 07:57:36 2001
> > > Message-ID: <AA786FC0001CD51193D600600841E6600B102F@xxxxxxxxxxxxx>
> > > From: "Snyder, Ryan" <RSnyder@xxxxxxxxxxxxx>
> > > To: "'security@xxxxxxxx'" <security@xxxxxxxx>
> > > Subject: Hack attempt?
> > > Date: Tue, 23 Oct 2001 07:59:09 -0600
> > > MIME-Version: 1.0
> > > X-Mailer: Internet Mail Service (5.5.2653.19)
> > > Content-Type: text/plain;
> > >         charset="iso-8859-1"
> > > X-Filter: mailagent [version 3.0 PL54] for woods@xxxxxxxxxxxxx
> > >
> > > We are receiving a lot of attempts from 128.117.29.216 to contact a machine
> > > on our network on strange ports.
> > >
> > > Here is a sample of my logs.  They come in groups of three about every
> > > three to four minutes.  I have logs going back to the end of September with
> > > this data.
> > >
> > > "12661"  "3Oct2001"  "22:34:08"  "eth0" "log"  "drop"  "unidata-ldm"
> > > "128.117.29.216"  "129.138.88.80"
> > > "13167"  "3Oct2001"  "22:36:08"  "eth0" "log"  "drop"  "sunrpc"
> > > "128.117.29.216"  "129.138.88.80"
> > > "13335"  "3Oct2001"  "22:37:03"  "eth0" "log"  "drop"  "unidata-ldm"
> > > "128.117.29.216"  "129.138.88.80"
> > 
> > --
> > dhunt@xxxxxxxx
> > Software Engineer III, Sometimes Sysadmin
> > UCAR - COSMIC, Tel. (303) 497-2611
> 
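
The triage question raised in this thread (agreed data partner or compromised machine?) can be answered from the drop log itself. The following is an added example, not part of the original messages or of any Unidata tooling: it parses the quoted log format and separates drops of an agreed feed from traffic that needs investigation. The field names, the peer network and service allowlist, and the fourth log record are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# First three records are those quoted in the thread; the last is constructed
# (192.0.2.55 is a documentation address) to show the contrasting case.
SAMPLE = '''
> > > "12661"  "3Oct2001"  "22:34:08"  "eth0" "log"  "drop"  "unidata-ldm"
> > > "128.117.29.216"  "129.138.88.80"
> > > "13167"  "3Oct2001"  "22:36:08"  "eth0" "log"  "drop"  "sunrpc"
> > > "128.117.29.216"  "129.138.88.80"
> > > "13335"  "3Oct2001"  "22:37:03"  "eth0" "log"  "drop"  "unidata-ldm"
> > > "128.117.29.216"  "129.138.88.80"
"13400"  "3Oct2001"  "22:38:10"  "eth0" "log"  "drop"  "telnet"
"192.0.2.55"  "129.138.88.80"
'''

# Assumed field order, inferred from the sample; adjust to the real export.
FIELDS = ("num", "date", "time", "iface", "type", "action", "service", "src", "dst")
# Assumption: peers and services agreed with the data partner out of band.
EXPECTED_PEERS = [ipaddress.ip_network("128.117.0.0/16")]
EXPECTED_SERVICES = {"unidata-ldm"}  # LDM, port 388


def parse(text):
    """Rebuild records from quoted fields, ignoring line wraps and '>' quoting."""
    values = re.findall(r'"([^"]*)"', text)
    if len(values) % len(FIELDS):
        raise ValueError("truncated record in log export")
    return [dict(zip(FIELDS, values[i:i + len(FIELDS)]))
            for i in range(0, len(values), len(FIELDS))]


def classify(row):
    """Separate a blocked, agreed data feed from traffic that needs triage."""
    known = any(ipaddress.ip_address(row["src"]) in net for net in EXPECTED_PEERS)
    if known and row["service"] in EXPECTED_SERVICES:
        return "expected-peer-blocked"    # review the firewall rule
    if known:
        return "peer-unexpected-service"  # confirm with the peer's admin
    return "unknown-source"               # handle as ordinary intrusion triage


def summarize(text):
    """Count dropped packets per (source, service, verdict)."""
    return Counter((r["src"], r["service"], classify(r))
                   for r in parse(text) if r["action"] == "drop")
```
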



 
 