Message-ID: From: "Carson, Chuck" Date: Tue, 26 Dec 2000 17:26:23 -0800 Subject: Possible Hack?? First one question, Is SuSE susceptible to the LPD hack that affects red hat? Second, I saw some strange in.telnetd connections in /var/log/messages from an unknown IP address (I have traced it but do not wish to disclose at this time) but performing (last root, etc.. for all my user accounts) I see no connections from this IP address, so I am guessing it was a port scan. However, after performing (netstat -a) I see active sockets, /tmp/.ICE-unix/some_number. Is this normal, or is this one of the hacks going around. (I have seen hacks in the past utilize the .ICE directory is why I am asking) Also, will TCP wrappers log the so-called half-connect port scans in /var/log/messages? My passwords are pretty strong but I am guilty of using ftp and telnet so anyone with a sniffer will have my passwords with little effort. Lastly, does anyone know if it is possible to sniff Pac Bell's DSL network? I am on a 255.255.255.248 subnet (5 static's), so I was under the impression only the router and all machines on my address range could sniff my info. Am I right or wrong? Thanks, Chuck