From owner-freebsd-questions Fri Sep 12 21:51:36 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id VAA03569 for questions-outgoing; Fri, 12 Sep 1997 21:51:36 -0700 (PDT)
Received: from freebie.lemis.com (gregl1.lnk.telstra.net [139.130.136.133]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id VAA03564 for ; Fri, 12 Sep 1997 21:51:29 -0700 (PDT)
Received: (from grog@localhost) by freebie.lemis.com (8.8.7/8.8.5) id OAA01242; Sat, 13 Sep 1997 14:21:19 +0930 (CST)
Message-ID: <19970913142118.05621@lemis.com>
Date: Sat, 13 Sep 1997 14:21:18 +0930
From: Greg Lehey
To: Doug White
Cc: Ricky , freeBSD Question
Subject: Re: your mail
References: <199709121634.AAA29560@dns1.chevalier.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.81e
In-Reply-To: ; from Doug White on Fri, Sep 12, 1997 at 09:04:10PM -0700
Organisation: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8250
Fax: +61-8-8388-8250
Mobile: +61-41-739-7062
WWW-Home-Page: http://www.lemis.com/~grog
Fight-Spam-Now: http://www.cauce.org
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, Sep 12, 1997 at 09:04:10PM -0700, Doug White wrote:
> On Sat, 13 Sep 1997, Ricky wrote:
>
>> Dear Sirs,
>> I've just set up a freeBSD ver.2.2.2. However, I got some problems. :
>>
>> 1st problem:
>> "Sep 12 22:59:40 home_bsd login: 2 LOGIN FAILURES FROM 168.168.100.10"
>> from remote terminal.
>
> Yeah, so? Someone from 168.168.100.10 tried to log into your machine and
> didn't type a correct username or password twice. If you don't know who
> 168.168.100.10 is, then you have a problem with someone trying to break
> into your box.

Doesn't that look like a funny address? I've checked, it's not
connected. A traceroute shows it disappearing somewhere behind
194.ATM11-0-0.GW3.CHI1.Alter.Net. Is that China? In any case, it's
nowhere near where a ping to chevalier.net (in Hong Kong) goes.
There are two possibilities:

1. You're using this net internally. In that case, you should be able
   to figure out who's doing it.

2. Somebody is spoofing. Try a 'traceroute 168.168.100.10' and see
   where the trace dries up.

Greg
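
A first triage pass over the kind of log line quoted in this thread, as an added example that is not part of the original message: it totals login failures per source and sorts each source into "one of our own nets", "private but unknown" or "public", which is the distinction behind the two possibilities above. LOCAL_NETS and every sample line except the first are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Shape of the login(1) syslog line quoted in the thread.
FAILURE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\slogin:\s"
    r"(?P<count>\d+) LOGIN FAILURES? FROM (?P<src>\S+)"
)

# Assumption: the networks this site really uses internally (constructed).
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

def classify(src):
    """Place a logged source into one of the triage buckets."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "hostname"            # logged as a name, not an IP literal
    if any(addr in net for net in LOCAL_NETS):
        return "local"               # possibility 1: find the user internally
    if addr.is_private:
        return "private-unknown"     # RFC 1918 space, but not a net we run
    return "public"                  # routable space: trace it or ask its owner

def summarize(lines):
    """Return {source: (total_failures, bucket)} for matching lines."""
    totals = Counter()
    for line in lines:
        m = FAILURE_RE.match(line)
        if m:
            totals[m["src"]] += int(m["count"])
    return {src: (n, classify(src)) for src, n in totals.items()}

SAMPLE = [
    # First line is the one from the thread; the rest are constructed.
    "Sep 12 22:59:40 home_bsd login: 2 LOGIN FAILURES FROM 168.168.100.10",
    "Sep 12 23:01:12 home_bsd login: 3 LOGIN FAILURES FROM 168.168.100.10",
    "Sep 12 23:05:02 home_bsd login: 1 LOGIN FAILURE FROM 192.168.1.20",
    "Sep 12 23:07:45 home_bsd login: 3 LOGIN FAILURES FROM 10.9.8.7",
    "Sep 12 23:08:00 home_bsd sendmail[123]: unrelated line",
]

if __name__ == "__main__":
    for src, (n, bucket) in summarize(SAMPLE).items():
        print(f"{src:16} {n:3} {bucket}")
```

168.168.0.0/16 is not one of the RFC 1918 ranges (10/8, 172.16/12, 192.168/16), so the address from the thread lands in the "public" bucket unless the site lists that net in LOCAL_NETS.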