Hi Allen, Here's the news: ComputerWorld Australia - Novell server Hacked http://www.computerworld.com.au/index.php?id=2128628770&eid=-255 A company server that some workers at Novell apparently used for gaming purposes was hacked into and then used to scan for vulnerable ports on potentially millions of computers worldwide, according to an Internet security consultant. http://www.computerworld.com.au/index.php?id=2128628770&eid=-255 Cheers, Arjen -----Original Message----- From: Allen [mailto:gorebofh@comcast.net] Sent: Thu 29/09/2005 11:53 To: suse-security@suse.com Cc: Subject: [suse-security] Maybe a bit worried? LogDigest just sent something to me which has me wondering WTH is going on here. I'm copying and pasting the parts I'm wondering: /var/log/messages: ________________________________________________________________________________ Messages matching keywords in the "alarming" list: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (15 lines) Sep 27 20:56:24 HP rcd[6043]: id=87 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 27 22:56:25 HP rcd[6043]: id=91 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 00:56:24 HP rcd[6043]: id=95 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=1s (failed) Sep 28 02:56:22 HP rcd[6043]: id=99 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 04:56:23 HP rcd[6043]: id=103 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 06:56:25 HP rcd[6043]: id=107 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 08:56:26 HP rcd[6043]: id=111 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 10:56:25 HP rcd[6043]: id=115 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 12:56:26 HP rcd[6043]: id=119 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=1s (failed) Sep 28 14:56:37 HP rcd[6043]: id=123 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 16:56:27 HP rcd[6043]: id=127 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Sep 28 18:56:27 HP rcd[6043]: id=131 COMPLETE 'Downloading https://update.novell.com/data/channels.php' time=0s (failed) Why is this trying to connect to Novell? And why is it failing? I've been using SUSE since 8.1 and never had this in Logdigest. I haven't played with much yet on here as I just set up what I needed for now and that was it, and so I'm wondering what this is doing. All lines that are not in the "ignore" list: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (77 lines) Sep 27 19:17:24 HP logrotate: ALERT exited abnormally with [1] Sep 27 20:56:04 HP rcd[6043]: Running heartbeat at Tue Sep 27 20:56:04 2005 Sep 27 20:56:06 HP rcd[6043]: Loading system packages Sep 27 20:56:22 HP rcd[6043]: Done loading system packages Sep 27 20:56:22 HP rcd[6043]: Can't find synthetic package file '/var/lib/rcd/synthetic-packages.xml' Sep 27 20:56:24 HP rcd[6043]: Unable to downloaded channel list: IO error - Soup error: Internal Server Error (500) Sep 27 22:56:04 HP rcd[6043]: Running heartbeat at Tue Sep 27 22:56:04 2005 Sep 27 22:56:06 HP rcd[6043]: Loading system packages Sep 27 22:56:24 HP rcd[6043]: Done loading system packages Sep 27 22:56:24 HP rcd[6043]: Can't find synthetic package file '/var/lib/rcd/synthetic-packages.xml' Sep 27 22:56:25 HP rcd[6043]: Unable to downloaded channel list: IO error - Soup error: Internal Server Error (500) Sep 28 00:56:04 HP rcd[6043]: Running heartbeat at Wed Sep 28 00:56:04 2005 Sep 28 00:56:06 HP rcd[6043]: Loading system packages Sep 28 00:56:23 HP rcd[6043]: Done loading system packages Sep 28 00:56:23 HP rcd[6043]: Can't find synthetic package file '/var/lib/rcd/synthetic-packages.xml' Here is the other part. Should I worry about this? -Allen. -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here