Mailinglist Archive: opensuse (3637 mails)

hacked?
  • From: elicker@xxxxxxxxx
  • Date: Wed, 02 May 2001 11:30:23 -0300
  • Message-id: <3AF019FF.61666B2F@xxxxxxxxx>
I never bothered to look at the /var/log/messages file until now.

Just out of curiosity I was browsing the file and I saw the excerpt that
follows.

It seems that someone at 200.204.201.138 was trying to break into my
computer.

My box is a minimal SuSE 6.4 with KDE2, apache and samba added. No
special security measures were taken.

As I know nothing about security I am looking for some advice.

Did this guy at 200.204.201.138 succeed? Was I hacked?

What is "popper"? AFAIK there is nothing in my box with this name.

Thanks a lot for any advice.


Claudio

--------------------------------

/var/log/messages

---big snip---

Apr 29 21:12:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x4 magic=0x28a2c95d]
Apr 29 21:12:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x4 magic=0x0]
Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:34 yeh1 popper[1640]: error: cannot execute /usr/sbin/popper: No such file or directory
Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port
Apr 29 21:12:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x5 magic=0x28a2c95d]
Apr 29 21:12:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x5 magic=0x0]
Apr 29 21:12:51 yeh1 fingerd[1641]: Client hung up - probable port-scan
Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:13:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x6 magic=0x28a2c95d]
Apr 29 21:13:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x6 magic=0x0]
Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:13:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x7 magic=0x28a2c95d]
Apr 29 21:13:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x7 magic=0x0]
Apr 29 21:13:52 yeh1 telnetd[1648]: ttloop: read: Connection reset by peer
Apr 29 21:14:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x8 magic=0x28a2c95d]
Apr 29 21:14:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x8 magic=0x0]
Apr 29 21:14:24 yeh1 telnetd[1638]: ttloop: peer died: EOF
Apr 29 21:14:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x9 magic=0x28a2c95d]
Apr 29 21:14:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x9 magic=0x0]
Apr 29 21:15:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0xa magic=0x28a2c95d]
Apr 29 21:15:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0xa magic=0x0]

---big snip---
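
Added example, not part of the original post: one way to summarise the "connect from" entries in an excerpt like the one above by source address, flagging any address that reached several distinct services inside a short window (the pattern fingerd itself logs as "probable port-scan"). The function names, the 3-service / 60-second thresholds and the year are assumptions chosen for illustration; it reports connection attempts only and says nothing about whether any of them succeeded.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches entries such as "Apr 29 21:12:31 host in.telnetd[1638]: connect from 1.2.3.4"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: connect from (\S+)")

def connects(lines, year=2001):
    """Yield (timestamp, service, source) for each 'connect from' entry."""
    for line in lines:
        m = LINE.match(line)
        if m:
            # syslog omits the year; it is an assumption supplied by the caller
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def probable_scans(lines, min_services=3, window=timedelta(seconds=60)):
    """Return {source: sorted services} for sources that reached at least
    min_services distinct services within one sliding time window."""
    by_src = defaultdict(list)
    for ts, svc, src in connects(lines):
        by_src[src].append((ts, svc))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {svc for ts, svc in events[i:] if ts - start <= window}
            if len(seen) >= min_services:
                flagged[src] = sorted(seen)
                break
    return flagged

# Entries from the excerpt above (wrapped lines rejoined) plus one constructed
# single-service visitor (192.0.2.10) that should not be flagged.
SAMPLE = """\
Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:51 yeh1 fingerd[1641]: Client hung up - probable port-scan
Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 20:40:02 yeh1 in.ftpd[1590]: connect from 192.0.2.10 (192.0.2.10)
""".splitlines()

if __name__ == "__main__":
    for src, services in probable_scans(SAMPLE).items():
        print(f"{src}: {len(services)} services within 60s: {', '.join(services)}")
```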

