Date: Sun, 24 Aug 2008 19:31:24 +0200 From: Polytropon <freebsd@edvax.de> To: "Christopher Joyner" <chris29wjoyner@gmail.com> Cc: questions@freebsd.org Subject: Re: Security problems, I think I have a hacker attacker. Message-ID: <20080824193124.2202a12c.freebsd@edvax.de> In-Reply-To: <d244cd910808240039w49358ad6h66e11ee50a529fe0@mail.gmail.com> References: <d244cd910808240039w49358ad6h66e11ee50a529fe0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 24 Aug 2008 07:39:30 +0000, "Christopher Joyner" <chris29wjoyner@gmail.com> wrote: > I think someone is attempting to get into my system. > > Here is my details: There are 2 login failuers on ttyv0, > And also 2 login failers on ttyv0 root. > > I did not try login in on that terminal. Are they able to try to do it away > from my computer, from a remote location? As far as I know, /dev/ttyv* are the local virtual consoles. SSH login attempts would be on /dev/ttyp*. So if you're sure it's on ttyv0, this is your system / primary console (first virtual console) which needs physical access to be used. But I'm sure there would be a strange way to pass something from or to /dev/ttyv0 using... redirection maybe? Are you sure that nobody tried to use your computer physically? > Can someone tell me how to turn off the broadcast option for my lan, if it's > possible. I think a server named chill is attacking me. Where did you get this evidence from? Check /var/log/auth.log and /var/log/xfer.log and /var/log/ftpd.log (if you're running FTP services). -- Polytropon >From Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080824193124.2202a12c.freebsd>