Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] hacked?
  • From: Chris Brandstetter <chrisb@xxxxxxxxxxxxxxxxx>
  • Date: Wed, 02 May 2001 21:34:40 -0700
  • Message-id: <3AF0DFE0.B3EBAE8@xxxxxxxxxxxx>
Hmmmm
Sounds like a scan to me, or looking for security holes. I personally,
along with shutting down services and personally removing everything
dealing with NFS, also use the portsentry RPM from Red Hat 6.2 and
tune it to Medium. The install script pukes at the end, but it is after
it has installed everything (at least on 7.0). That is what I do. :-)
Also, I agree: download the Root Kit Checker. Just in case.

Chris Brandstetter


"Claudio E. Elicker" wrote:
>
> dizzy73 wrote:
> >
> > post the pertinent info from the log file
> >
>
> cat /var/log/messages | grep 200.204.201.138 > suspectip.log
>
> It's here:
>
> Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port
> Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:32:37 yeh1 in.rlogind[1716]: connect from 200.204.201.138 (200.204.201.138)
> Apr 29 21:32:42 yeh1 rlogind[1716]: Connection from 200.204.201.138 on illegal port
>
> Except for the last 2 lines, this was already included in my original
> posting.
>
> TIA
> Claudio
>
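
The quoted log shows one address connecting to telnet, POP, FTP, finger, rsh and rlogin within seconds, which is the pattern the reply calls a scan. The following is an added example, not part of the original thread, that flags that pattern in tcp_wrappers-style syslog lines; the sample lines, addresses, hostname, the `find_sweeps` name and its thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches tcp_wrappers-style lines in the format quoted in the message:
#   Apr 29 21:12:31 host in.telnetd[1638]: connect from 192.0.2.10 (192.0.2.10)
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>[\w.\-]+)\[\d+\]:\s"
    r"connect from (?P<src>\S+)"
)

# Constructed sample input (documentation-range addresses, hypothetical host).
SAMPLE = """\
Apr 29 21:12:31 host1 in.telnetd[1638]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:34 host1 popper[1640]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:37 host1 in.ftpd[1644]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:38 host1 in.fingerd[1641]: connect from 192.0.2.10 (192.0.2.10)
Apr 29 21:12:41 host1 rshd[1639]: Connection from 192.0.2.10 on illegal port
Apr 29 21:40:02 host1 in.telnetd[1701]: connect from 198.51.100.7 (198.51.100.7)
Apr 29 22:15:10 host1 in.ftpd[1733]: connect from 198.51.100.7 (198.51.100.7)
""".splitlines()

def find_sweeps(lines, min_services=4, window=timedelta(seconds=60), year=2001):
    """Return {source: sorted services} for sources that connected to at
    least min_services distinct daemons inside one sliding time window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # e.g. "illegal port" lines, which lack "connect from"
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events[m["src"]].append((ts, m["svc"]))
    flagged = defaultdict(set)
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop events that fell out of the window
            services = {svc for _, svc in seen[start:end + 1]}
            if len(services) >= min_services:
                flagged[src] |= services
    return {src: sorted(svcs) for src, svcs in flagged.items()}

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
```

The second source in the sample touches two services 35 minutes apart and is not flagged at the default thresholds, which is the distinction between a sweep and ordinary use.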
