From owner-freebsd-questions  Fri Apr  3 11:44:07 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA03845
          for freebsd-questions-outgoing; Fri, 3 Apr 1998 11:44:07 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from dt050n33.san.rr.com (@dt050n33.san.rr.com [204.210.31.51])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA03707
          for <freebsd-questions@freebsd.org>; Fri, 3 Apr 1998 11:42:46 -0800 (PST)
          (envelope-from Studded@san.rr.com)
Received: from san.rr.com (Studded@localhost [127.0.0.1])
	by dt050n33.san.rr.com (8.8.8/8.8.8) with ESMTP id LAA18431
	for <freebsd-questions@freebsd.org>; Fri, 3 Apr 1998 11:42:45 -0800 (PST)
	(envelope-from Studded@san.rr.com)
Message-ID: <35253BB4.BC9BC943@san.rr.com>
Date: Fri, 03 Apr 1998 11:42:44 -0800
From: Studded <Studded@san.rr.com>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-STABLE-0325 i386)
MIME-Version: 1.0
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Odd syslog entrys
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

A customer wanted me to take a look at some odd syslog entries on his
machine. I am guessing that someone connected directly to syslogd and
entered the info directly. If this is the case, I would appreciate
confirmation and if anyone knows the method I'd like to demonstrate to
the customer what happened and show that the leak is plugged. They did
not have the -s option enabled on syslogd but I killed it and restarted
with that option. Here are the messages:

Apr  3 10:25:23 j59.mlk31.jaring.my HELO fuckhead
Apr  3 10:25:35 j59.mlk31.jaring.my last message repeated 10 times
Apr  3 10:27:40 j59.mlk31.jaring.my last message repeated 4 times
Apr  3 10:29:39 j59.mlk31.jaring.my last message repeated 4 times
Apr  3 12:48:28 t4o31p25.telia.com GET ../..
Apr  3 12:48:28 t4o31p25.telia.com last message repeated 3 times
Apr  3 12:50:22 t4o31p25.telia.com last message repeated 4 times
Apr  3 12:59:40 t4o31p25.telia.com last message repeated 20 times
Apr  3 13:08:02 t4o31p25.telia.com last message repeated 16 times

Thanks for any help,

Doug

-- 
***         Chief Operations Officer, DALnet IRC network       ***
*** Proud operator, designer and maintainer of the world's largest
*** Internet Relay Chat server.  5,328 clients and still growing.
*** Try spider.dal.net on ports 6662-4    (Powered by FreeBSD)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message