I never bothered to look /var/log/messages file until now. Just by curiosity I was browsing the file and I see the excerpt that follows. It seems that someone at 200.204.201.138 was trying to break in into my computer. My box is a minimal SuSE 6.4 with KDE2, apache and samba added. No special security measures was taken. As I know nothing about security I am looking for some advice. Does this guy at 200.204.201.138 succeed? Was I hacked? What is "popper"? AFAIK there is nothing in my box with this name. Thanks a lot for any advice. Claudio -------------------------------- /var/log/messages ---big snip--- Apr 29 21:12:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x4 magic=0x28a2c95d] Apr 29 21:12:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x4 magic=0x0] Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:34 yeh1 popper[1640]: error: cannot execute /usr/sbin/popper: No such file or directory Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port Apr 29 21:12:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x5 magic=0x28a2c95d] Apr 29 21:12:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x5 magic=0x0] Apr 29 21:12:51 yeh1 fingerd[1641]: Client hung up - probable port-scan Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:13:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x6 magic=0x28a2c95d] Apr 29 21:13:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x6 magic=0x0] Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:13:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x7 magic=0x28a2c95d] Apr 29 21:13:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x7 magic=0x0] Apr 29 21:13:52 yeh1 telnetd[1648]: ttloop: read: Connection reset by peer Apr 29 21:14:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0x8 magic=0x28a2c95d] Apr 29 21:14:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x8 magic=0x0] Apr 29 21:14:24 yeh1 telnetd[1638]: ttloop: peer died: EOF Apr 29 21:14:50 yeh1 pppd[1608]: sent [LCP EchoReq id=0x9 magic=0x28a2c95d] Apr 29 21:14:50 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0x9 magic=0x0] Apr 29 21:15:20 yeh1 pppd[1608]: sent [LCP EchoReq id=0xa magic=0x28a2c95d] Apr 29 21:15:20 yeh1 pppd[1608]: rcvd [LCP EchoRep id=0xa magic=0x0] ---big snip---