Il 05:59, giovedì 11 ottobre 2001, hai scritto:
On October 10, 2001 05:10 pm, Praise wrote:
It's the second time I post it to the list, this time with a more appropriate subject. When I run the "last" command I find out this output:
<snip>
What does /var/log/messages say?
It looks almost regular, except for these entries: Oct 8 05:10:03 main in.ftpd[16381]: connect from rg@217.128.174.129 (217.128.174.129) rg is not an user in my system! Just checked Oct 8 10:56:13 main in.ftpd[17131]: connect from root@203.90.83.203 (203.90.83.203) and root cant connect to ftp when I try it. What does these entries could mean? I have brought down my pc and I have checked passwd and log files with the suse rescue system. Everything looks as regular as when I did that with the compromised (?) system. Praise
Running a quick whois query on 203.90.83.203, I come up with this: tschulze:~> whois 203.90.83.203 % Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html % (whois7.apnic.net) inetnum: 203.90.64.0 - 203.90.95.255 netname: HCL-INFINET descr: HCL Infinet Limited descr: E-4,5,6 Sector XI descr: Noida - 201 301, India country: IN admin-c: SR35-AP tech-c: SK88-AP mnt-by: APNIC-HM mnt-lower: MAINT-IN-HCL changed: hostmaster@apnic.net 20000522 source: APNIC person: Subramanian R address: HCL Infinet Limited address: E 4,5,6 Sector XI address: Noida - 201 301, India country: IN phone: +91 118 4532685 fax-no: +91 118 4544510 e-mail: rsubra@hclinsys.com nic-hdl: SR35-AP mnt-by: MAINT-NEW changed: rsubra@hclinsys.com 20000506 source: APNIC person: Shivakumar Kollagunta address: HCL Infinet Limited address: E 4,5,6 Sector XI address: Noida - 201 301, India country: IN phone: +91 118 4532685 fax-no: +91 118 4544510 e-mail: rsubra@hclinsys.com nic-hdl: SK88-AP mnt-by: MAINT-NEW changed: rsubra@hclinsys.com 20000506 source: APNIC You know anybody in India? Cheers, Sean On Thursday 11 October 2001 15:37, Praise wrote:
Il 05:59, giovedì 11 ottobre 2001, hai scritto:
On October 10, 2001 05:10 pm, Praise wrote:
It's the second time I post it to the list, this time with a more appropriate subject. When I run the "last" command I find out this output:
<snip>
What does /var/log/messages say?
It looks almost regular, except for these entries: Oct 8 05:10:03 main in.ftpd[16381]: connect from rg@217.128.174.129 (217.128.174.129)
rg is not an user in my system! Just checked
Oct 8 10:56:13 main in.ftpd[17131]: connect from root@203.90.83.203 (203.90.83.203)
and root cant connect to ftp when I try it. What does these entries could mean?
I have brought down my pc and I have checked passwd and log files with the suse rescue system. Everything looks as regular as when I did that with the compromised (?) system.
Praise
-- Theo. Sean Schulze theo.schulze@myokay.net "[T]he key to maintaining leadership in the economy and the technology that are about to emerge is likely to be the social position of knowledge professionals and social acceptance of their values." -- Peter Drucker
participants (2)
-
Praise
-
Theo. Sean Schulze