Hmmmm, sounds like a scan to me, or someone looking for security holes. Personally, along with shutting down services and personally removing everything dealing with NFS, I also use the portsentry RPM from Red Hat 6.2 and tune it to Medium. The install script pukes at the end, but that is after it has installed everything (at least on 7.0). That is what I do. :-) Also, I agree: download the Root Kit Checker, just in case.

Chris Brandstetter

"Claudio E. Elicker" wrote:
dizzy73 wrote:
post the pertinent info from the log file
cat /var/log/messages | grep 200.204.201.138 > suspectip.log
It's here:
Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port
Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:32:37 yeh1 in.rlogind[1716]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:32:42 yeh1 rlogind[1716]: Connection from 200.204.201.138 on illegal port
Except for the last 2 lines, this was already included in my original posting.
TIA Claudio
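The log excerpt in this thread shows one source connecting to telnet, POP, FTP, finger, rsh and rlogin within seconds of each other. As an added example (not code from any poster in the thread), this Python script flags that pattern in syslog lines of the same format; the sample log, its documentation-range addresses, the thresholds and the `find_scanners` name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the thread; the host name
# and the RFC 5737 documentation addresses are made up, not taken from the post.
SAMPLE_LOG = """\
Apr 29 21:12:31 host1 in.telnetd[1638]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:34 host1 popper[1640]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:37 host1 in.ftpd[1644]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:38 host1 in.fingerd[1641]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:41 host1 in.rshd[1639]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:41 host1 rshd[1639]: Connection from 192.0.2.10 on illegal port
Apr 29 22:05:02 host1 in.ftpd[1702]: connect from 198.51.100.7 (198.51.100.7)
Apr 29 22:40:19 host1 in.ftpd[1750]: connect from 198.51.100.7 (198.51.100.7)
"""

LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\s"
    r"(?P<daemon>[\w.-]+)\[\d+\]:\s(?:connect|Connection) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def find_scanners(log_text, window=timedelta(seconds=60), min_services=4, year=2000):
    """Return {source_ip: [services]} for sources that reached at least
    min_services distinct daemons within one sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog omits the year; an assumed one is supplied so parsing is unambiguous.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # "in.rshd" and "rshd" log the same connection, so count them as one service.
        events[m["src"]].append((ts, m["daemon"].removeprefix("in.")))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        best, start = set(), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            seen = {svc for _, svc in evs[start:end + 1]}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_services:
            findings[src] = sorted(best)
    return findings
```

Calling `find_scanners(open("/var/log/messages").read())` applies the same check to a live log; a single client that legitimately uses several services at once will also be reported, so the threshold needs tuning per host.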