Message-Id: <199906151917.NAA94653@harmony.village.org>
To: Matthew Joseff
Subject: Re: /var/log/messages
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Tue, 15 Jun 1999 09:25:56 CDT."
Date: Tue, 15 Jun 1999 13:17:42 -0600
From: Warner Losh

In message Matthew Joseff writes:
: 1) What can I do to avoid this?
: 2) Can any *real* damage be done from someone connecting like this?
: 3) What liabilities does this open the "offending" party's company to?

These messages mean that something very *BAD* is going on. It means
that someone is trying to connect to your rsh/rlogin ports from an
unprivileged port. Either they are connecting using telnet and just
trying to see if there is connectivity to those ports on your machine, or
they are hoping that they can use their own rsh/rlogin clients to get
access that you would otherwise not see.

I'd say that unless you have seen a whole lot of these, I'd ignore the
odd one or two. They indicate that rsh/rlogin properly denied access
to your machine and let you know that it was very suspicious about
how the requests came in.

Warner
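
Added example (not part of the original message and not FreeBSD project code): Python that tallies rsh/rlogin rejections per source so the "odd one or two" can be told apart from "a whole lot". Assumptions: the log wording is modelled on the BSD rshd/rlogind "Connection from ... on illegal port" notice because the thread does not quote the actual entries, and the sample lines, addresses, and the ignore_up_to threshold are constructed.

```python
import re
from collections import Counter

# Constructed sample input. The message wording is an assumption modelled on
# BSD rshd/rlogind; the thread itself does not quote the log entries.
SAMPLE_LOG = """\
Jun 15 09:01:12 gw rshd[411]: Connection from 192.0.2.10 on illegal port 34211
Jun 15 09:03:40 gw rlogind[415]: Connection from 198.51.100.7 on illegal port
Jun 15 09:03:41 gw rshd[416]: Connection from 198.51.100.7 on illegal port 40112
Jun 15 09:03:43 gw rshd[417]: Connection from 198.51.100.7 on illegal port 40113
Jun 15 09:03:44 gw rlogind[418]: Connection from 198.51.100.7 on illegal port
Jun 15 09:10:02 gw sendmail[502]: NAA00502: from=<a@example.org>, size=812
Jun 15 09:15:27 gw rshd[530]: Connection from 192.0.2.10 on illegal port 34990
"""

REJECT_RE = re.compile(
    r"\b(?P<daemon>rshd|rlogind)\[\d+\]: "
    r"Connection from (?P<src>\S+) on illegal port(?: (?P<port>\d+))?"
)


def is_reserved_client_port(port):
    """rsh/rlogin servers accept only source ports 512-1023 (root-bound)."""
    return 512 <= port <= 1023


def tally_rejections(log_text):
    """Count rejected rsh/rlogin connections per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # unrelated syslog traffic
        port = m.group("port")
        # Sanity check: a rejection that names a reserved port is inconsistent.
        if port is not None and is_reserved_client_port(int(port)):
            continue
        counts[m.group("src")] += 1
    return counts


def sources_to_investigate(log_text, ignore_up_to=2):
    """Sources with more rejections than the 'odd one or two' (hypothetical cutoff)."""
    counts = tally_rejections(log_text)
    return sorted(src for src, n in counts.items() if n > ignore_up_to)


if __name__ == "__main__":
    for src, n in tally_rejections(SAMPLE_LOG).most_common():
        print(f"{src}: {n} rejected rsh/rlogin connection(s)")
    print("investigate:", sources_to_investigate(SAMPLE_LOG))
```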