Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] hacked?
  • From: Landy Roman <landie@xxxxxxxxxxxxxx>
  • Date: Wed, 2 May 2001 22:21:15 -0400
  • Message-id: <20010502222115.781703f6.landie@xxxxxxxxxxxxxx>
without a doubt he was trying to conect ,

run last to see if you see strange names



On Wed, 02 May 2001 23:03:54 -0300
"Claudio E. Elicker" <elicker@xxxxxxxxx>
wrote:

> dizzy73 wrote:
> >
> > post the pertinant info from the log file
> >
>
> cat /var/log/messages | grep
> 200.204.201.138 > suspectip.log
>
> It's here:
>
> Apr 29 21:12:31 yeh1 in.telnetd[1638]:
> connect from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:12:34 yeh1 popper[1640]: connect
> from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect
> from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:12:38 yeh1 in.fingerd[1641]:
> connect from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:12:41 yeh1 in.rshd[1639]: connect
> from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:12:41 yeh1 rshd[1639]: Connection
> from 200.204.201.138 on
> illegal port
> Apr 29 21:12:57 yeh1 in.rlogind[1647]:
> connect from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:13:42 yeh1 in.telnetd[1648]:
> connect from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:32:37 yeh1 in.rlogind[1716]:
> connect from 200.204.201.138
> (200.204.201.138)
> Apr 29 21:32:42 yeh1 rlogind[1716]:
> Connection from 200.204.201.138 on
> illegal port
>
> Except for the last 2 lines, this was
> already included in my original
> posting.
>
> TIA
> Claudio
>
>
> --
> To unsubscribe send e-mail to
> suse-linux-e-unsubscribe@xxxxxxxx
> For additional commands send e-mail to
> suse-linux-e-help@xxxxxxxx
> Also check the FAQ at
> http://www.suse.com/support/faq and the
> archives at http://lists.suse.com
>
>


--
SuSe 7.0 Linux 2.4.2 i686 Wed May 2 22:05:00
EDT 2001

< Previous Next >