From owner-freebsd-security Sun Jun 27 2:29:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from well.apcs.com.au (unknown [203.41.196.92])
	by hub.freebsd.org (Postfix) with ESMTP id 0ED1214D8D;
	Sun, 27 Jun 1999 02:29:15 -0700 (PDT)
	(envelope-from keith@well.apcs.com.au)
Received: (from keith@localhost)
	by well.apcs.com.au (8.9.3/8.9.2) id TAA00540;
	Sun, 27 Jun 1999 19:29:12 +1000 (EST)
	(envelope-from keith)
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Sun, 27 Jun 1999 19:29:12 +1000 (EST)
From: Keith Anderson
To: questions@freebsd.org, security@freebsd.org
Subject: Whats going on please
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi All

I just noticed someone hacking. What has happened? Any help would be great.

I have what's like a new kernel. I am the keith@work.xxx.com.au

I have turned off all telnet/ssh/smtp/pop for now.

root@137~#uname -a
FreeBSD 137.132.85.96 3.1-RELEASE FreeBSD 3.1-RELEASE #3: Wed Mar 31 14:59:17 EST 1999 keith@work.xxx.com.au:/usr/src/sys/compile/WORK i386

What is the '137.132.85.96', or who? It should be work.xxx.com.au

I have in /var/log/messages

Jun 27 19:13:41 work sshd[3005]: fatal: Local: Sorry, you are not allowed to connect.
Jun 27 19:18:24 work telnetd[3014]: refused connect from compl-r4.iscs.nus.sg
Jun 27 19:18:26 work telnetd[3015]: refused connect from compl-r4.iscs.nus.sg

and

Jun 27 17:06:59 work popper[1550]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:07:00 work popper[1552]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:07:03 work popper[1553]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 07:09:04 work dnsserver: gethostby*.gethostanswer: asked for "exnjld4avip.doubleclick.net", got "exnjld3avip.doubleclick.net"
Jun 27 17:10:05 work popper[1579]: (v2.53) Unable to get canonical name of client, err = 0
Jun 27 17:12:40 work inetd[145]: ident/tcp: No such user 'kmem', service ignored
Jun 27 17:17:06 work popper[1637]: (v2.53) Unable to get canonical name of client, err = 0
Jun 27 17:18:47 work popper[1640]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:18:48 work popper[1642]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:18:48 work popper[1643]: @compl-r4.iscs.nus.sg: -ERR POP EOF received

Hope you can help

Thanking you
Keith A

"The box said 'Requires Windows 95, NT, or better,' so I installed FreeBSD."
** The thing I like most about Windows 98 is...
** You can download FreeBSD with it!

----------------------------------
E-Mail: Keith Anderson
Australia Power Control Systems Pty. Limited.
Date: 27-Jun-99
Time: 18:59:43
Satellite Service 64K to 2Meg
This message was sent by XFMail
----------------------------------
What's the similarity between an air conditioner and a computer?
They both stop working when you open windows.
----------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
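
Added example, not part of Keith's message: a short Python triage script that groups the /var/log/messages lines quoted above by the remote host they name and by service, and lists the lines from remote-facing daemons that name no peer so they can be matched by timestamp. The sample input is a subset of the lines from the message; the function name, the regexes and the REMOTE_DAEMONS set are this example's own assumptions.

```python
import re

# Subset of the /var/log/messages lines quoted in the message above.
SAMPLE = """\
Jun 27 17:06:59 work popper[1550]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:07:00 work popper[1552]: @compl-r4.iscs.nus.sg: -ERR POP EOF received
Jun 27 17:10:05 work popper[1579]: (v2.53) Unable to get canonical name of client, err = 0
Jun 27 17:12:40 work inetd[145]: ident/tcp: No such user 'kmem', service ignored
Jun 27 19:13:41 work sshd[3005]: fatal: Local: Sorry, you are not allowed to connect.
Jun 27 19:18:24 work telnetd[3014]: refused connect from compl-r4.iscs.nus.sg
Jun 27 19:18:26 work telnetd[3015]: refused connect from compl-r4.iscs.nus.sg
"""

# BSD syslog layout: "Mon DD HH:MM:SS host daemon[pid]: message"
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ ([^\[:\s]+)(?:\[\d+\])?: (.*)$")
# How the daemons in these lines name the remote end (assumed from the samples).
PEER = (re.compile(r"refused connect from (\S+)"),   # telnetd refusal
        re.compile(r"^@([^:\s]+): "))                # popper "@host: ..."
REMOTE_DAEMONS = {"sshd", "telnetd", "popper"}       # services reachable from outside


def triage(text):
    """Return (peers, unattributed).

    peers: {remote_host: {daemon: [timestamps]}}
    unattributed: [(timestamp, daemon, message)] for remote-facing daemons
    whose line names no peer; correlate these by time with the others.
    """
    peers, unattributed = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line (blank line, wrapped fragment)
        ts, daemon, msg = m.groups()
        hit = next((p.search(msg) for p in PEER if p.search(msg)), None)
        if hit:
            peers.setdefault(hit.group(1), {}).setdefault(daemon, []).append(ts)
        elif daemon in REMOTE_DAEMONS:
            unattributed.append((ts, daemon, msg))
    return peers, unattributed


if __name__ == "__main__":
    peers, unattributed = triage(SAMPLE)
    for host, services in peers.items():
        for daemon, stamps in services.items():
            print(f"{host:24} {daemon:8} {len(stamps)} lines, {stamps[0]} .. {stamps[-1]}")
    for ts, daemon, msg in unattributed:
        print(f"no peer named: {ts} {daemon}: {msg}")
```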