Mailinglist Archive: opensuse-security (331 mails)
| < Previous | Next > |
strange 'last' output
- From: Tobias Gewinner <crt@xxxxxx>
- Date: Mon, 11 Sep 2000 12:51:09 +0200
- Message-id: <39BCB91D.D650E026@xxxxxx>
hi there!
i've got a server running SuSE 6.4 (Kernel 2.2.17) and since about 2
months, 'last' is showing me a very strange output like this:
user ftpd22132 host Sun Sep 10 20:18 - 20:18
(00:00)
user ftpd22129 host Sun Sep 10 20:15 - 20:17
(00:01)
user pts/0 host Sun Sep 10 20:10 - 20:11
(00:00)
user pts/0 host Sun Sep 10 16:03 - 16:04
(00:00)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - down
(9654+08:44)
user pts/1 host Sat Sep 9 18:54 - 19:03 (00:08)
user pts/0 host Sat Sep 9 18:46 - 21:01
(02:15)
user pts/0 host Sat Sep 9 18:29 - 18:39
(00:09)
user ftpd18251 host Sat Sep 9 16:24 - 16:39
(00:14)
user pts/0 host Sat Sep 9 16:22 - 16:24
(00:02)
****X*** X*******X*** 15529 Thu Jan 1 01:00 - 02:44
(1557+01:44)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - 01:00
(-1557+-1:-4
user pts/0 host Fri Sep 8 01:23 - 01:27
(00:03)
i really don't know where this "****X***" comes from. also take a look
at the login time! another example:
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 still logged
in
****X*** X*******X*** Thu Jan 1 01:00 - 02:44
(1557+01:44)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - 01:00
(-1557+-1:-4
****X*** X*******X*** ****X*******X*** Thu Jan 1 01:00 - 02:44
(1557+01:44)
5019 X*******X*** crt Thu Jan 1 01:00 still logged
in
but neiter lsof or netstat show me any strange things.
could this be an attack? is it possible that someone broke into this
system? or is anything else faulty? i dont't know...
Yours
--
Tobias Gewinner
TMT interNETworks GmbH
t.gewinner@xxxxxx
http://www.tmt.de
i've got a server running SuSE 6.4 (Kernel 2.2.17) and since about 2
months, 'last' is showing me a very strange output like this:
user ftpd22132 host Sun Sep 10 20:18 - 20:18
(00:00)
user ftpd22129 host Sun Sep 10 20:15 - 20:17
(00:01)
user pts/0 host Sun Sep 10 20:10 - 20:11
(00:00)
user pts/0 host Sun Sep 10 16:03 - 16:04
(00:00)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - down
(9654+08:44)
user pts/1 host Sat Sep 9 18:54 - 19:03 (00:08)
user pts/0 host Sat Sep 9 18:46 - 21:01
(02:15)
user pts/0 host Sat Sep 9 18:29 - 18:39
(00:09)
user ftpd18251 host Sat Sep 9 16:24 - 16:39
(00:14)
user pts/0 host Sat Sep 9 16:22 - 16:24
(00:02)
****X*** X*******X*** 15529 Thu Jan 1 01:00 - 02:44
(1557+01:44)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - 01:00
(-1557+-1:-4
user pts/0 host Fri Sep 8 01:23 - 01:27
(00:03)
i really don't know where this "****X***" comes from. also take a look
at the login time! another example:
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 still logged
in
****X*** X*******X*** Thu Jan 1 01:00 - 02:44
(1557+01:44)
****X*** X*******X*** ****X*******X*** Sun Apr 7 02:44 - 01:00
(-1557+-1:-4
****X*** X*******X*** ****X*******X*** Thu Jan 1 01:00 - 02:44
(1557+01:44)
5019 X*******X*** crt Thu Jan 1 01:00 still logged
in
but neiter lsof or netstat show me any strange things.
could this be an attack? is it possible that someone broke into this
system? or is anything else faulty? i dont't know...
Yours
--
Tobias Gewinner
TMT interNETworks GmbH
t.gewinner@xxxxxx
http://www.tmt.de
| < Previous | Next > |