Date:      Wed, 18 Aug 2004 11:56:49 +0200
From:      "Devon H. O'Dell" <dodell@sitetronics.com>
To:        Nikolay Pavlov <quetzal@roks.biz>, Justin <freebsd@alt-network.com>, freebsd-security@freebsd.org
Subject:   Re: sequences in the auth.log
Message-ID:  <20040818095649.GA834@sitetronics.com>
In-Reply-To: <20040818095421.GA207@roks.biz>
References:  <411CCAAE.7020505@beco.hu> <200408172301.28844.freebsd@alt-network.com> <20040818095421.GA207@roks.biz>



Nikolay Pavlov <quetzal@roks.biz> scribbled:
> Hi, Justin
>
> On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote:
> > I'm seeing the same thing in my log. It makes me think it is a virus because
> > test, guest, and admin are not normal unix users.
>
> So am I. But I think that this is some kind of Linux worm.
> The first record in my auth.log is dated Jul 23 01:48:30.
> Nmap identifies all hosts (already more than ten) in my auth.log as
> "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch"
>
> Best regards,
> 	Nikolay Pavlov.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>

This has recently and fully been discussed on the full-disclosure
mailing list.

-- 
Kind regards,

Devon H. O'Dell   |          dodell@sitetronics.com
Key: 4D3D8CA7     | IRC: bofh@WhatNET thebofh@efnet



