From root@some.victim.com Mon May 25 02:29:28 1998
Date: Mon, 25 May 1998 02:01:03 -0400
From: root 
To: root@some.victim.com
Subject: some.victim.com 05/25/98:02.01 ACTIVE SYSTEM ATTACK!


Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: FIN stealth scan from host: server.hax0r.net/10.10.10.100 to TCP port: 143
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via wrappers.
May 25 01:23:38 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via dropped route.

Security Violations
=-=-=-=-=-=-=-=-=-=
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: FIN stealth scan from host: server.hax0r.net/10.10.10.100 to TCP port: 143
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via wrappers.
May 25 01:23:38 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via dropped route.
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19394 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=60 S=0x10 I=19395 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19396 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=60 S=0x10 I=19397 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19399 F=0x0040 T=53

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=

May 25 01:00:05 nemesis abacus_sentry[29243]: adminalert: Sentry 0.60 is starting.
May 25 01:00:05 nemesis abacus_sentry[29243]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP ports are: 22
May 25 01:00:05 nemesis abacus_sentry[29243]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP ports are: 25
May 25 01:00:05 nemesis abacus_sentry[29243]: adminalert: Advanced Stealth scan detection mode activated. Ignored TCP ports are: 80
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: FIN stealth scan from host: server.hax0r.net/10.10.10.100 to TCP port: 143
May 25 01:23:37 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via wrappers.
May 25 01:23:38 nemesis abacus_sentry[29243]: attackalert: Host 10.10.10.100 has been blocked via dropped route.
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19394 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=60 S=0x10 I=19395 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19396 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=60 S=0x10 I=19397 F=0x0040 T=53
May 25 01:23:39 nemesis kernel: IP fw-in deny eth0 TCP 10.10.10.100:13687 192.168.2.10:143 L=40 S=0x10 I=19399 F=0x0040 T=53