From owner-freebsd-questions Fri Aug 21 19:24:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA08994 for freebsd-questions-outgoing; Fri, 21 Aug 1998 19:24:42 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from lucy.bedford.net (lucy.bedford.net [206.99.145.54]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA08989 for ; Fri, 21 Aug 1998 19:24:40 -0700 (PDT) (envelope-from listread@lucy.bedford.net) Received: (from listread@localhost) by lucy.bedford.net (8.8.8/8.8.8) id WAA05785; Fri, 21 Aug 1998 22:14:28 -0400 (EDT) (envelope-from listread) Message-Id: <199808220214.WAA05785@lucy.bedford.net> Subject: Re: wierd In-Reply-To: <199808212327.SAA05117@mutsgo.kf7nn.com> from Laszlo Vagner at "Aug 21, 98 06:27:21 pm" To: vagner@mutsgo.kf7nn.com (Laszlo Vagner) Date: Fri, 21 Aug 1998 22:14:28 -0400 (EDT) Cc: questions@FreeBSD.ORG X-no-archive: yes Reply-to: djv@bedford.net From: CyberPeasant X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Laszlo Vagner wrote: > what could this be? > > i understand the first 2 failed attempts to login but > a login from my own machine??? localhost? with 00's and not OO's > > > > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu, kk7ax > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost, r00t > Somebody's messing with you. I bet a script kid got in between 23:04 and 23:10, installed a bogus root kit, and tried to login as r00t. This is a common h4x0r misspelling. time for an audit. Dave -- Confutatis maledictis, flammis acribus addictis. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message