without a doubt he was trying to conect , run last to see if you see strange names On Wed, 02 May 2001 23:03:54 -0300 "Claudio E. Elicker" <elicker@email.com> wrote:
dizzy73 wrote:
post the pertinant info from the log file
cat /var/log/messages | grep 200.204.201.138 > suspectip.log
It's here:
Apr 29 21:12:31 yeh1 in.telnetd[1638]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:34 yeh1 popper[1640]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:37 yeh1 in.ftpd[1644]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:38 yeh1 in.fingerd[1641]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 in.rshd[1639]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:12:41 yeh1 rshd[1639]: Connection from 200.204.201.138 on illegal port Apr 29 21:12:57 yeh1 in.rlogind[1647]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:13:42 yeh1 in.telnetd[1648]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:32:37 yeh1 in.rlogind[1716]: connect from 200.204.201.138 (200.204.201.138) Apr 29 21:32:42 yeh1 rlogind[1716]: Connection from 200.204.201.138 on illegal port
Except for the last 2 lines, this was already included in my original posting.
TIA Claudio
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com
-- SuSe 7.0 Linux 2.4.2 i686 Wed May 2 22:05:00 EDT 2001