It appears that you have been port scanned by a machine named scp.weh.RWTH-Aachen.DE That would be my interpretation of this. I would recommend that you install scanlogd as it will tell you that you have been scanned. You can also install tcp wrappers to not allow the host to connect. Christopher T. Beers Systems Analyst Administrator I Office of Information Technology - Boston University 111 Cummington Street (617)353-8248 Boston, MA 02215 (617)353-6260 fax On Thu, 16 Sep 1999, Marc Baaden wrote:
Hello !
I found this in my messages file:
Sep 4 09:14:42 causul in.telnetd[2562]: connect from 137.226.141.203 Sep 4 09:14:42 causul sshd[2564]: log: Connection from 137.226.141.203 port 18193 Sep 4 09:14:42 causul wu.ftpd[2563]: connect from 137.226.141.203 Sep 4 09:14:43 causul telnetd[2562]: ttloop: peer died: Invalid or incomplete multibyte or wide character Sep 4 09:14:48 causul sshd[2564]: fatal: Did not receive ident string. Sep 4 09:14:49 causul in.telnetd[2565]: connect from 137.226.141.203 Sep 4 09:14:50 causul in.telnetd[2567]: warning: can't get client address: Connection reset by peer Sep 4 09:14:50 causul in.telnetd[2567]: connect from unknown Sep 4 09:14:55 causul wu.ftpd[2568]: connect from 137.226.141.203 Sep 4 09:14:55 causul wu.ftpd[2569]: connect from 137.226.141.203 Sep 4 09:15:01 causul /USR/SBIN/CRON[2571]: (root) CMD ( test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons ) Sep 4 09:30:00 causul /USR/SBIN/CRON[2590]: (root) CMD ( test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons ) Sep 4 09:43:33 causul -- MARK -- Sep 4 09:43:42 causul sshd[180]: log: Generating new 768 bit RSA key. Sep 4 09:43:43 causul sshd[180]: log: RSA key generation complete.
I was running a SuSE 6.0. Meanwhile I have upgraded to 6.2.
Thnak you in advance.
Marc Baaden -- Marc Baaden - Labo MSM (UMR 7551) - http://crypt.u-strasbg.fr/marc mailto:baaden@chimie.u-strasbg.fr - FAX (+49) 89 666 171 68 68 ICQ# 11466242 - Tel: (+33) 3 88 41 60 86 or (+33) 6 03 24 26 56
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com