Date: Tue, 15 Jun 1999 13:17:42 -0600
From: Warner Losh <imp@harmony.village.org>
To: Matthew Joseff <mjoseff@retribution.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: /var/log/messages
Message-ID: <199906151917.NAA94653@harmony.village.org>
In-Reply-To: Your message of "Tue, 15 Jun 1999 09:25:56 CDT." <Pine.BSF.4.10.9906150917490.14540-100000@retribution.net>
References: <Pine.BSF.4.10.9906150917490.14540-100000@retribution.net>

In message <Pine.BSF.4.10.9906150917490.14540-100000@retribution.net> Matthew Joseff writes:
: 1) What can I do to avoid this?
: 2) Can any *real* damage be done from someone connecting like this?
: 3) What liabilities does this open the "offending" party's company to?

These messages mean that something very *BAD* is going on. It means that someone is trying to connect to your rsh/rlogin ports from an unprivileged port. Either they are connecting using telnet and just trying to see if there is connectivity to those ports on your machine, or they are hoping that they can use their own rsh/rlogin clients to get access that you would otherwise not see.

I'd say that unless you have seen a whole lot of these, I'd ignore the odd one or two. They indicate that rsh/rlogin properly denied access to your machine and let you know that it was very suspicious about how the requests came in.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message