Date: Wed, 18 Aug 2004 11:56:49 +0200 From: "Devon H. O'Dell" <dodell@sitetronics.com> To: Nikolay Pavlov <quetzal@roks.biz>, Justin <freebsd@alt-network.com>, freebsd-security@freebsd.org Subject: Re: sequences in the auth.log Message-ID: <20040818095649.GA834@sitetronics.com> In-Reply-To: <20040818095421.GA207@roks.biz> References: <411CCAAE.7020505@beco.hu> <200408172301.28844.freebsd@alt-network.com> <20040818095421.GA207@roks.biz>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Nikolay Pavlov <quetzal@roks.biz> scribbled: > Hi, Justin > > On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote: > > I'm seeing the same thing in my log. It makes me think it is a virus because > > test, guest, and admin are not normal unix users. > > And I'm too. But I think that this is a some kind of Linux worm. > The first record in my auth.log dated on Jul 23 01:48:30 > Nmap identificates all hosts (already more than ten) in my auth.log as > "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch" > > Best regards, > Nikolay Pavlov. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > This has recently and fully been discussed on the full-disclosure mailing list. -- Kind regards, Devon H. O'Dell | dodell@sitetronics.com Key: 4D3D8CA7 | IRC: bofh@WhatNET thebofh@efnet [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFBIyfh9y+/hU09jKcRAtn7AJ4trXkGagbp47uf7uJaKNFTx8gUEQCgj+wZ BkC9cGHVTPkoxGOb3kUwSgk= =yuNy -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818095649.GA834>