From owner-freebsd-security Tue Jun 15 7:55:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
    by hub.freebsd.org (Postfix) with ESMTP id D38E515068
    for ; Tue, 15 Jun 1999 07:55:52 -0700 (PDT)
    (envelope-from danderse@cs.utah.edu)
Received: from lal.cs.utah.edu (lal.cs.utah.edu [155.99.195.65])
    by wrath.cs.utah.edu (8.8.8/8.8.8) with ESMTP id IAA03556;
    Tue, 15 Jun 1999 08:55:51 -0600 (MDT)
From: David G Andersen
Received: (from danderse@localhost)
    by lal.cs.utah.edu (8.8.8/8.8.8) id IAA19354;
    Tue, 15 Jun 1999 08:55:49 -0600 (MDT)
Message-Id: <199906151455.IAA19354@lal.cs.utah.edu>
Subject: Re: /var/log/messages
To: mjoseff@retribution.net (Matthew Joseff)
Date: Tue, 15 Jun 1999 08:55:49 -0600 (MDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "Matthew Joseff" at Jun 15, 99 09:25:56 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Since nobody has pointed it out yet, just FYI, this is typically an
indication that you're being portscanned by the host 193.221.47.155. You
might also want to check for telnet connections, NOQUEUE messages from
sendmail, etc., to get a better idea of what they scanned.

Then, contact postmaster@molnycke.se about it (or, if that fails, they list
their domain contact as hostmaster@sgn.sca.se).

-Dave

Lo and behold, Matthew Joseff once said:
>
>
> Found this in my "messages" this morning:
>
> Jun 15 07:18:51 retribution rshd[19891]: connection from 193.221.47.155 on
> illegal port 1574
> Jun 15 07:18:51 retribution rlogind[19890]: Connection from 193.221.47.155
> on illegal port
>
> questions:
>
> 1) What can I do to avoid this?
> 2) Can any *real* damage be done from someone connecting like this?
> 3) What liabilities does this open the "offending" party's company to?
>
> --
> Matthew Joseff, Sr. Web Developer
> RCN Corp. 703-321-2410
> www.rcn.com NASDAQ: RCNC
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
work: danderse@cs.utah.edu  me: angio@pobox.com
University of Utah  http://www.angio.net/
Computer Science - Flux Research Group  "What's footnote FIVE?"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
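
The log check suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it finds every address that rshd or rlogind rejected with an "illegal port" message, then lists which other daemons logged the same address. The function names, the sample log and the exact telnetd and sendmail line formats are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted in the message; the addresses
# (RFC 5737 documentation range), PIDs and the telnetd/sendmail/sshd lines are made up.
SAMPLE_LOG = """\
Jun 15 07:18:49 host telnetd[19885]: connect from 192.0.2.55
Jun 15 07:18:50 host sendmail[19888]: NOQUEUE: Null connection from [192.0.2.55]
Jun 15 07:18:51 host rshd[19891]: connection from 192.0.2.55 on illegal port 1574
Jun 15 07:18:51 host rlogind[19890]: Connection from 192.0.2.55 on illegal port
Jun 15 07:20:02 host sshd[19901]: Accepted password for alice from 192.0.2.9 port 1022
Jun 15 07:21:10 host telnetd[19910]: connect from 192.0.2.77
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>[\w.-]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
ILLEGAL_PORT = re.compile(r"connection from (\d{1,3}(?:\.\d{1,3}){3}) on illegal port", re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse(log_text):
    """Yield (timestamp, service, message) for each well-formed syslog line."""
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            yield m.group("ts"), m.group("svc"), m.group("msg")

def flagged_sources(log_text):
    """Addresses that rshd/rlogind rejected for connecting from a non-reserved port."""
    hits = set()
    for _, svc, msg in parse(log_text):
        m = ILLEGAL_PORT.search(msg)
        if svc in ("rshd", "rlogind") and m:
            hits.add(m.group(1))
    return hits

def services_touched(log_text):
    """Map each flagged address to the sorted list of daemons that logged it."""
    flagged = flagged_sources(log_text)
    seen = defaultdict(set)
    for _, svc, msg in parse(log_text):
        for ip in IP_RE.findall(msg):
            if ip in flagged:
                seen[ip].add(svc)
    return {ip: sorted(svcs) for ip, svcs in seen.items()}

if __name__ == "__main__":
    for ip, svcs in services_touched(SAMPLE_LOG).items():
        print(f"{ip}: logged by {len(svcs)} services: {', '.join(svcs)}")
```

One source appearing under several daemons within a few seconds is the pattern the reply describes; an address seen by a single service, such as the second telnetd line in the sample, is not reported.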