RV: HACKER ATTACK?

Barsotti, Gabriela gbarsotti at easymail.net.ar
Mon Nov 12 08:24:25 CST 2001 

>  -----Mensaje original-----
> De: 	Barsotti, Gabriela
> Enviado el:	Lunes, 12 de Noviembre de 2001 11:22 a.m.
> Para:	'piratecheck at open.com.au'
> Asunto:	HACKER ATTACK?
>
> The last Saturday our Radius server received  an attack. I´m sending you
> the information I can found on my server in order to help all Radius
> Server from unspected attacks.
>
> Sat Nov 10 22:59:54 2001: DEBUG: Packet dump:
> *** Received from 200.16.169.56 port 1645 ....
> Code:       Access-Request
> Identifier: 150
> Authentic:  Ei`!:iLLLL(:r(LC
> Attributes:
>         User-Name = "'S R%H%G1\|g+%s8rEs3)o}p/G}/J?~o]F 4%7.+CBsg,'?j/?u"
>         User-Password =
> ")<162><225><251><177>o<25>9\<177>o<6>:[J<5>va<146><145>U<173>F<8><198>4<1
> 60><249>D<179><198><239>"
>         NAS-IP-Address = 200.16.169.56
>         NAS-Port = 56
>         Called-Station-Id = "6200"
>         Calling-Station-Id = "1145674048"
>         USR-Connect-Speed = 24000_BPS
>         USR-Modulation-Type = v32Terbo
>         USR-Simplified-MNP-Levels = 0
>         USR-Simplified-V42bis-Usage = 0
>         USR-Chassis-Call-Slot = 7
>         USR-Chassis-Call-Span = 0
>         USR-Chassis-Call-Channel = 27
>         NAS-Identifier = "access2"
>         Acct-Session-Id = "071b05f8"
>         NAS-Port-Type = Async
>
> Sat Nov 10 22:59:54 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Sat Nov 10 22:59:54 2001: DEBUG: SessionDbSQL Deleting session for 'S
> R%H%G1\|g+%s8rEs3)o}p/G}/J?~o]F 4%7.+CBsg,'?j/?u, 200.16.169.56, 56
> Sat Nov 10 22:59:54 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='200.16.169.56' and NASPORT=056
>
> Sat Nov 10 22:59:54 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID from RADONLINE where USERNAME=''S R%H%G1\|g+%s8rEs3)o}
> p/G}/J?~o]F 4%7.+CBsg,'?j/?u'
>
> Sat Nov 10 22:59:54 2001: ERR: Execute failed for 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID from RADONLINE where USERNAME=''S R%H%G1\|g+%s
> 8rEs3)o}p/G}/J?~o]F 4%7.+CBsg,'?j/?u'': ERROR:  parser: parse error at or
> near "s"
>
> Sat Nov 10 22:59:55 2001: ERR: Execute failed for 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID from RADONLINE where USERNAME=''S R%H%G1\|g+%s
> 8rEs3)o}p/G}/J?~o]F 4%7.+CBsg,'?j/?u'': ERROR:  parser: parse error at or
> near "s"
>
> Sat Nov 10 22:59:55 2001: DEBUG: Handling with Radius::AuthSQL
> Sat Nov 10 22:59:55 2001: DEBUG: Handling with Radius::AuthSQL
>
> Lic. Gabriela Barsotti
> Technology Manager
> EasyMail S.A.
> A VirtualCom Company
> 54-11-54590-8820

-------------------------------------------------------

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list