Date: Sat, 13 Sep 1997 14:21:18 +0930 From: Greg Lehey <grog@lemis.com> To: Doug White <dwhite@resnet.uoregon.edu> Cc: Ricky <rickyc@chevalier.net>, freeBSD Question <freebsd-questions@FreeBSD.ORG> Subject: Re: your mail Message-ID: <19970913142118.05621@lemis.com> In-Reply-To: <Pine.BSF.3.96.970912210254.17774B-100000@localhost>; from Doug White on Fri, Sep 12, 1997 at 09:04:10PM -0700 References: <199709121634.AAA29560@dns1.chevalier.net> <Pine.BSF.3.96.970912210254.17774B-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 12, 1997 at 09:04:10PM -0700, Doug White wrote:
> On Sat, 13 Sep 1997, Ricky wrote:
>
>> Dear Sirs,
>> I've just setup a freeBSD ver.2.2.2. However, I got some problems. :
>>
>> 1st problem:
>> "Sep 12 22:59:40 home_bsd login: 2 LOGIN FAILURES FROM 168.168.100.10"
>> from remote terminal.
>
> Yeah, so? Someone from 168.168.100.10 tried to log into your machine and
> didn't type a correct username or password twice. If you don't know who
> 168.168.100.10 is, then you have a problem with someone trying to break
> into your box.
Doesn't that look like a funny address? I've checked, it's not
connected. A traceroute shows it being disappearing somewhere behind
194.ATM11-0-0.GW3.CHI1.Alter.Net. Is that China? In any case, it's
nowhere near where a ping to chevalier.net (in Hong Kong) goes.
There are two possibilities:
1. You're using this net internally. In that case, you should be
able to figure out who's doing it.
2. Somebody is spoofing. Try a 'traceroute 168.168.100.10' and see
where the trace dries up.
Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970913142118.05621>