[unisog] Help on Possible Web Mail Attack
fs at WPI.EDU
Thu Jun 16 13:03:11 GMT 2005
On Thu, Jun 16, 2005 at 04:40:50PM +1000, Tim Lane wrote:
> Hi All,
> I have a query regarding a possible hack on our new Sun Web mail system. Is
> anyone able to help with a query? We have just gone live for POP web mail
> and have noticed one of our test web mail accounts appears to have been
> compromised or hijacked, by multiple timeouts whereby another IP address
> was reported as using the session.
> Is the below log report just reflective of a seemingly innocuous web bot of
> some type, or perhaps a hacker hiding behind Google range...???
> [16/Jun/2005:10:11:01 +1000] boson httpd: General Warning: ipsecurity
> - client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to
> The 64.233 address actually resolves back to Google........
Perhaps the user in question is using Google Web Accelerator?
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC