Date: Sat, 13 Jun 1998 20:23:40 PDT From: "Min Huang" <huang_min@hotmail.com> To: questions@FreeBSD.ORG Subject: Re: How to kick this user out? continue Message-ID: <19980614032342.15775.qmail@hotmail.com>
next in thread | raw e-mail | index | archive | help
Please reply to huang_min@hotmail.com, I'm not in this list. Thanks! >From robert@chalmers.com.au Sat Jun 13 18:40:10 1998 >Received: from chalmers.com.au (carbon.chalmers.com.au [203.1.96.26]) > by nanguo.chalmers.com.au (8.8.8/8.8.8) with ESMTP id LAA25305 > for <huang_min@hotmail.com>; Sun, 14 Jun 1998 11:39:40 +1000 >Hi there, > > try 'ls -l /dev/ttyS4' and see what the permissions are. I remember it's "c--------- 1 bbs tty" > > Is ttyS4 a dial in line on your system? No, it's not. > > You could try setting the permissions so it can't be used, and see what >happens? Acturelly, at that time, I deleted /dev/ttyS4, then I used "who", the result is same. How can "who" show a user using a none exist tty ? Then I used "MAKEDEV" to recover the ttyS4. Some time passed, the user lost. >Are you sure it's not something in your own system? Perhaps in /etc/ttys? What do you mean? Will anything special with ttys?? > >Regards >Robert > >Min Huang wrote: >> >> Hi,sir, >> >> Actually, I have not found the process the user run, and the user >> is idle, there's no package transfered between the user's original >> IP and my machine. Strange! Any suggestions? >> >> Huang Min >> >> >From robert@chalmers.com.au Thu Jun 11 00:15:13 1998 >> >Received: from chalmers.com.au (carbon.chalmers.com.au [203.1.96.26]) >> > by nanguo.chalmers.com.au (8.8.8/8.8.8) with ESMTP id RAA09824 >> > for <huang_min@hotmail.com>; Thu, 11 Jun 1998 17:14:28 +1000 >> >> >Hi, >> >do you have a program called 'tcpdump' on your system? If you enable >> this, you >> >can then watch this port and see exactly what that user is doing. >> tcpdump >> >watches all thraffic through a site, or down to even one port. It is >> very >> >useful for tracking strange users. >> > >> >Is 172.24.13.80 one of your numbers? Or is it a number from outside >> > >> >Have you tried typing >> > 'ps -ax | more' >> > >> >Or better yet, 'ps -t S4' >> >This will show you exactly what processes that user is running. >> > >> >cheers >> >Robert >> > >> > >> >Min Huang wrote: >> >> >> >> Hello,sir, >> >> >> >> Thanks for replying my last mail so quick, I think I've not accounted >> >> my situation clearly. Here is the result. >> >> #who >> >> bbs ttyqe Jun 11 14:10 (10.150.15.10) >> >> bbs ttyqq Jun 11 13:46 (10.150.15.102) >> >> bbs ttyrp Jun 11 14:25 (172.18.32.20) >> >> bbs ttyQo Jun 11 14:03 (10.150.15.58) >> >> bbs ttyS4 Jun 10 18:57 (172.24.13.80) >> >> #w >> >> bbs qe 10.150.15.10 2:10PM 29 bbs h 10.150.15.10 >> >> /dev/ttyqe >> >> bbs qq 10.150.15.102 1:46PM 50 bbs h 10.150.15.102 >> >> /dev/ttyqq >> >> bbs rp 172.18.32.20 2:25PM 15 bbs h 172.18.32.20 >> >> /dev/ttyrp >> >> bbs Qo 10.150.15.58 2:03PM - bbs h 10.150.15.58 >> >> /dev/ttyQo >> >> bbs S4 172.24.13.80 Wed06PM 19:44 - >> >> #ps -U bbs >> >> 697 pj- I 0:03.16 bin/chatd 3 >> >> 26389 qe Is+ 0:00.14 bbs h 10.150.15.10 /dev/ttyqe >> >> 26288 qq Is+ 0:00.13 bbs h 10.150.15.102 /dev/ttyqq >> >> 26447 rp Ss+ 0:00.29 bbs h 172.18.32.20 /dev/ttyrp >> >> 694 Qh- S 0:09.93 bin/chatd 2 >> >> 26352 Qo Ss+ 0:00.32 bbs h 10.150.15.58 /dev/ttyQo >> >> >> >> Note on the user at ttyS4, I don't know what's he doing and how >> >> this situation happen. >> >> Thank you for replying this to huang_min@hotmail.com, I'm not >> >> at this list. >> >> >> >> Huang Min >> >> >> >> ______________________________________________________ >> >> Get Your Private, Free Email at http://www.hotmail.com >> >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> >> with "unsubscribe freebsd-questions" in the body of the message >> > >> >-- >> > Support Whirled Peas. Business in China? China House >> > robert@chalmers.com.au ph:61 7 49440357 fx:61 7 49578425 >> > China House Uses Webposition to ensure Top Spot in Searches >> > http://www.chalmers.com.au/ChinaHouse/Business/webposition >> > >> >> ______________________________________________________ >> Get Your Private, Free Email at http://www.hotmail.com > >-- > Support Whirled Peas. Business in China? China House > robert@chalmers.com.au ph:61 7 49440357 fx:61 7 49578425 > China House Uses Webposition to ensure Top Spot in Searches > http://www.chalmers.com.au/ChinaHouse/Business/webposition > ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980614032342.15775.qmail>