From owner-freebsd-security Wed Oct 3 4: 5:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from rage.abc.ro (goanga.com [193.231.240.30]) by hub.freebsd.org (Postfix) with ESMTP id A1FF737B401 for ; Wed, 3 Oct 2001 04:05:16 -0700 (PDT) Received: from abc.ro (rage.abc.ro [193.231.240.30]) by rage.abc.ro (8.11.3/8.11.3) with ESMTP id f93B4NZ27532; Wed, 3 Oct 2001 14:04:28 +0300 (EEST) (envelope-from andrei@abc.ro) Message-ID: <3BBAF0B7.2CC21C7B@abc.ro> Date: Wed, 03 Oct 2001 14:04:23 +0300 From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: ro, de, en MIME-Version: 1.0 To: rik@rikrose.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: last References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org rik@rikrose.net wrote: > > On Wed, 3 Oct 2001, ANdrei wrote: > > it wasn't for sure me :), but i just had my firewall down for a few > > mins, and then it happened... was this just a coincidence? > > It could have been a power cut, or even a brown out, or someone else while > you were working on the firewall :) nope, in that case you don't get that log entry from last (i'm almost sure about that) and your file-systems get checked at startup for sure, and mine didn't... it was a clkean shutdown... plus there was no power cut, because we have about 40 computers in the company, and none rebooted except mine... I'm so suspicious because I had a few times people trying to hack me, and 2 times they were real profis, and i believe they got through this time and left almost no evidence of their passing... > > > and smtg else: what ports and protocol are used when accesing a samba > > share? i'm talking about a broadcast network, where people should be > > able to access public shares from other computers, which have > > firewalls... > > 137-140 roughly, depending on what version of Windows you're using. I > noticed 2000 has lots more useless ports open than any of the others, > by default, sometimes including qotd, although I've not found the setting > to control it. Some machines it's on, some it's not. I don't know why, > but then I understand so little of MicroSofts products... I understand little about M$ too :) I found out i have an error in my configuration of samba, or something like that, the ports i knew were good: 135, 137, 138 and 139 maybe anybody has other ideas about the weird TILDA ~ in the "last"-output, and what/who it was... > > -- > PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org > Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F > Public key also encoded with outguess on http://rikrose.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- "I live in my own little world - but it's ok, they know me here!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message