dizzy73 wrote:
post the pertinant info from the log file
cat /var/log/messages | grep 200.204.201.138 > suspectip.log It's here: Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:32:37 yeh1 in.rlogind[1716]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:32:42 yeh1 rlogind[1716]: Connection from 200.204.201.138 on illegal port Except for the last 2 lines, this was already included in my original posting. TIA Claudio