Message-ID: <3BBB0797.C18CBA8B@centtech.com>
Date: Wed, 03 Oct 2001 07:42:00 -0500
From: Eric Anderson
To: ANdrei
Cc: rik@rikrose.net, freebsd-security@freebsd.org
Subject: Re: last
References: <3BBAF0B7.2CC21C7B@abc.ro>

I have had my FreeBSD boxes crash like this a few times. Typically, it's
been a CPU overheating for me. It really IS a crash. The ~ is what last
puts in there when the system is rebooted without a user abruptly.

All hackers leave a trace.

Eric

ANdrei wrote:

> rik@rikrose.net wrote:
> >
> > On Wed, 3 Oct 2001, ANdrei wrote:
> > > it wasn't for sure me :), but i just had my firewall down for a few
> > > mins, and then it happened... was this just a coincidence?
> >
> > It could have been a power cut, or even a brown out, or someone else while
> > you were working on the firewall :)
>
> nope, in that case you don't get that log entry from last (i'm almost
> sure about that) and your file-systems get checked at startup for sure,
> and mine didn't... it was a clean shutdown... plus there was no power
> cut, because we have about 40 computers in the company, and none
> rebooted except mine...
>
> I'm so suspicious because I had a few times people trying to hack me,
> and 2 times they were real profis, and i believe they got through this
> time and left almost no evidence of their passing...
>
> >
> > > and smtg else: what ports and protocol are used when accessing a samba
> > > share? i'm talking about a broadcast network, where people should be
> > > able to access public shares from other computers, which have
> > > firewalls...
> >
> > 137-140 roughly, depending on what version of Windows you're using. I
> > noticed 2000 has lots more useless ports open than any of the others,
> > by default, sometimes including qotd, although I've not found the setting
> > to control it. Some machines it's on, some it's not. I don't know why,
> > but then I understand so little of Microsoft's products...
>
> I understand little about M$ too :) I found out i have an error in my
> configuration of samba, or something like that, the ports i knew were
> good: 135, 137, 138 and 139
>
> maybe anybody has other ideas about the weird TILDE ~ in the
> "last"-output, and what/who it was...
>
> >
> > --
> > PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
> > Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F
> > Public key also encoded with outguess on http://rikrose.net
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> "I live in my own little world - but it's ok, they know me here!"
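
An added example, not part of the original thread: a small Python check that reads `last` output and tells, for each `reboot ~` record, whether a `shutdown ~` record was logged just before it. It assumes the BSD behaviour that shutdown(8)/reboot(8) write a `shutdown ~` record and that a `reboot ~` record is written at every boot; the sample lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in the column layout of BSD last(1), newest record first.
SAMPLE_LAST = """\
andrei           ttyp0    192.168.0.5      Wed Oct  3 05:20   still logged in
reboot           ~                         Wed Oct  3 05:12
shutdown         ~                         Wed Oct  3 05:10
andrei           ttyv0                     Tue Oct  2 09:00 - shutdown (20:10)
reboot           ~                         Mon Oct  1 08:00
andrei           ttyv0                     Sun Sep 30 10:00 - crash  (22:00)
reboot           ~                         Sat Sep 29 08:00
"""

def classify_reboots(last_output):
    """Return [(boot_time, verdict)] for each 'reboot ~' record, newest first."""
    # Keep only the pseudo-user records whose tty column is "~".
    marks = []
    for line in last_output.splitlines():
        f = line.split()
        if len(f) >= 6 and f[1] == "~" and f[0] in ("reboot", "shutdown"):
            marks.append((f[0], " ".join(f[2:6])))
    results = []
    for i, (name, when) in enumerate(marks):
        if name != "reboot":
            continue
        # The next "~" record down the list is the next-older one in time.
        older = marks[i + 1][0] if i + 1 < len(marks) else None
        if older == "shutdown":
            verdict = "clean"      # a shutdown was logged before this boot
        elif older == "reboot":
            verdict = "unclean"    # no shutdown logged: crash, power loss, reset
        else:
            verdict = "unknown"    # the log starts here, nothing to compare
        results.append((when, verdict))
    return results

def crashed_sessions(last_output):
    """Users whose session last(1) reports as ended by '- crash'."""
    return [l.split()[0] for l in last_output.splitlines()
            if re.search(r"-\s+crash\b", l)]

if __name__ == "__main__":
    # wtmp is only as trustworthy as the host; corroborate with other logs.
    for when, verdict in classify_reboots(SAMPLE_LAST):
        print(when, verdict)
    print("sessions cut by crash:", crashed_sessions(SAMPLE_LAST))
```
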