From: Tom Nguyen
Date: Tue, 14 Feb 2006 16:31:52 -0500
To: freebsd-questions@freebsd.org
Subject: 15 digit HEX string in /var/log/messages

Greetings all,

Running FreeBSD 5.4 stable on Intel x86 platform.
Need help in deciphering/figuring out what is the cause of strange 15 character HEX strings that are being logged in /var/log/messages:

[...]
Feb 14 13:11:39 hostx kernel: 3E0D0A3C6172656
Feb 14 13:14:12 hostx kernel: 4163636570742D4
Feb 14 13:14:19 hostx kernel: 69742532464C697
Feb 14 13:14:26 hostx kernel: 4163636570742D4
Feb 14 13:31:44 hostx kernel: 732E616861696E7
Feb 14 13:32:31 hostx kernel: 415577426F41475
Feb 14 13:32:31 hostx kernel: 415577426F41475
Feb 14 13:33:40 hostx kernel: 2A0D0A416363657
Feb 14 13:33:48 hostx kernel: 2E616861696E746
Feb 14 13:33:49 hostx kernel: 736573736D656E7
Feb 14 13:43:22 hostx kernel: 45414141412F2F2
Feb 14 14:00:38 hostx kernel: 780D0A416363657
Feb 14 14:02:45 hostx kernel: 0A200D0A09626F7
Feb 14 14:13:19 hostx kernel: 70616765732F686
Feb 14 14:39:10 hostx kernel: 64066FF3ED39E31
Feb 14 14:47:57 hostx kernel: 414141414141414
[...]

This has been occurring for several weeks now. First thought was some type of attack but our IDS doesn't pick up anything unusual. Google searches don't give any clues. Can anyone shed some light on this?

TIA.

--T
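A triage step for log lines like these, as an added example that is not part of the original post: read each 15-digit string as ASCII hex (the odd trailing nibble is set aside) and score how much of it is printable text. The function names are this example's own; the sample lines are copied from the message above.

```python
import re

# Syslog line shape seen in the post: "<timestamp> <host> kernel: <hex digits>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: ([0-9A-Fa-f]{8,})\s*$")
ESCAPES = {0x09: "\\t", 0x0A: "\\n", 0x0D: "\\r"}

def printable(b):
    return b in ESCAPES or 0x20 <= b < 0x7F

def decode_hex_fragment(hexstr):
    """Return (escaped_text, leftover_nibble); an odd-length string ends in half a byte."""
    leftover = hexstr[-1] if len(hexstr) % 2 else ""
    raw = bytes.fromhex(hexstr[: len(hexstr) - len(leftover)])
    text = "".join(ESCAPES.get(b) or (chr(b) if printable(b) else "\\x%02x" % b) for b in raw)
    return text, leftover

def text_ratio(hexstr):
    """Fraction of whole bytes that are printable ASCII or tab/CR/LF."""
    raw = bytes.fromhex(hexstr[: len(hexstr) // 2 * 2])
    return sum(1 for b in raw if printable(b)) / len(raw) if raw else 0.0

def triage(lines):
    """Return (timestamp, decoded_text, text_ratio) for each hex-only kernel line."""
    rows = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts, hexstr = m.groups()
            rows.append((ts, decode_hex_fragment(hexstr)[0], round(text_ratio(hexstr), 2)))
    return rows

# Lines copied from the post above (not constructed)
SAMPLE = [
    "Feb 14 13:11:39 hostx kernel: 3E0D0A3C6172656",
    "Feb 14 13:14:12 hostx kernel: 4163636570742D4",
    "Feb 14 14:13:19 hostx kernel: 70616765732F686",
    "Feb 14 14:39:10 hostx kernel: 64066FF3ED39E31",
    "Feb 14 14:47:57 hostx kernel: 414141414141414",
]

if __name__ == "__main__":
    for ts, text, ratio in triage(SAMPLE):
        print(f"{ts}  {ratio:4.2f}  {text}")
```

A ratio near 1.0 marks a string that is text; a low ratio, as on the 14:39:10 line, marks binary data that should be examined separately.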