Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] hacked?
  • From: "Claudio E. Elicker" <elicker@xxxxxxxxx>
  • Date: Wed, 02 May 2001 23:03:54 -0300
  • Message-id: <3AF0BC8A.CB4C5496@xxxxxxxxx>
dizzy73 wrote:
>
> post the pertinent info from the log file
>

cat /var/log/messages | grep 200.204.201.138 > suspectip.log

It's here:

Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port
Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:32:37 yeh1 in.rlogind[1716]: connect from 200.204.201.138 (200.204.201.138)
Apr 29 21:32:42 yeh1 rlogind[1716]: Connection from 200.204.201.138 on illegal port

Except for the last 2 lines, this was already included in my original
posting.

TIA
Claudio
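
Added example, not part of the original message: one way to triage syslog lines in the format posted above, by rejoining mail-wrapped entries and summarising per source address which services logged a connection, how many "illegal port" messages appeared, and whether several services were touched in a short burst. The sample lines, host name, addresses, the 60-second window and the three-service threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same tcpd/syslog format, mail-wrapped the same way.
# Host name and 192.0.2.x (documentation range) addresses are made up.
SAMPLE = """\
Apr 29 21:12:31 host1 in.telnetd[1638]: connect from 192.0.2.10
(192.0.2.10)
Apr 29 21:12:34 host1 popper[1640]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:41 host1 in.rshd[1639]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:41 host1 rshd[1639]: Connection from 192.0.2.10 on
illegal port
Apr 29 21:40:02 host1 in.ftpd[1701]: connect from 192.0.2.77 (192.0.2.77)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ "
                   r"(?:in\.)?(?P<svc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
SRC = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def unwrap(text):
    """Rejoin continuation lines (no leading timestamp) onto the entry before them."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarise(text, window=timedelta(seconds=60), min_services=3):
    """Per source: services seen, 'illegal port' count, burst flag (assumed thresholds)."""
    seen = defaultdict(list)
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        src = SRC.search(m["msg"]) if m else None
        if src:
            # syslog omits the year; 2000 is an arbitrary leap year used for parsing only
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            seen[src.group(1)].append((ts, m["svc"], "illegal port" in m["msg"]))
    report = {}
    for ip, hits in seen.items():
        busiest = max(len({s for t, s, _ in hits if t0 <= t <= t0 + window})
                      for t0, _, _ in hits)
        report[ip] = {"services": sorted({s for _, s, _ in hits}),
                      "illegal_port": sum(f for _, _, f in hits),
                      "burst": busiest >= min_services}
    return report
```

Calling summarise(open("suspectip.log").read()) applies the same summary to the file produced by the grep command above.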

