Date: Fri, 23 Feb 2001 14:10:22 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: <freebsd-security@FreeBSD.ORG>, "slamdunk" <slamdunk@neophile.net>
Subject: Re: weird login attempt
Message-ID: <000d01c09dcc$4504b700$1e9e6389@137.99.156.23>
References: <200102231146.IAA94132@ns1.via-net-works.net.ar> <4.3.2.7.2.20010223113706.00cedb10@pop3.neophile.net> <200102231146.IAA94132@ns1.via-net-works.net.ar> <4.3.2.7.2.20010223185401.02aad2c0@pop3.neophile.net>

If someone tried to telnet in, and at the password prompt, they just pressed some keys and of course in telnet, before the session termcap is established, all "funky" keys such as the arrows and the function keys will return escape sequences, and then if they used ^] (or the escape sequence), and then quit, you'd get that. I can replicate that easily. Since almost all my logins are via ssh, sshd will report this, but if it happens to be a telnet session, login will report this.

----- Original Message -----
From: "slamdunk" <slamdunk@neophile.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Friday, February 23, 2001 1:55 PM
Subject: Re: weird login attempt

> Nope it won't be either of these - The box is in a locked cabinet in our
> datacenter.
>
> Ah well, seems this will remain a mystery
>
> Jerry
>
> At 13:48 23/02/2001 +0200, you wrote:
> >On Fri, Feb 23, 2001 at 08:46:59AM -0300, Fernando Schapachnik wrote:
> > > In a previous message, slamdunk wrote:
> > > > Can anyone identify what this might be?
> > >
> > > Somebody laying its hand over the keyboard :)
> > >
> > > >
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0, ^[[S^[[J^[[J^[[J^[[~^[
> > > > Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0, ^[[S^[[J^[[J^[[J^[[~^[
> >
> >Those are probably F-keys or similar.. ^[[S is F7, ^[[J is probably something
> >around the numeric keypad.
> >
> >G'luck,
> >Peter
> >
> >--
> >If you think this sentence is confusing, then change one pig.
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-security" in the body of the message
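
Added example, not part of the original thread or of FreeBSD's own code: a small triage script that decodes the caret notation in `login` failure lines like those quoted above and separates entries whose recorded name is nothing but terminal escape sequences from entries where a name was actually typed. The sample log is constructed, and the function names and the assumption that control characters were logged in caret notation (`^[` for ESC) belong to this example.

```python
import re

# Constructed sample: the first two lines follow the shape of those quoted in
# the thread; the third (a typed name on a network tty) is invented.
SAMPLE_LOG = """\
Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0
Feb 23 10:41:33 www login: 1 LOGIN FAILURE ON ttyv0, ^[[S^[[J^[[J^[[J^[[~^[
Feb 23 10:42:10 www login: 2 LOGIN FAILURES ON ttyp1, admin
"""

LINE_RE = re.compile(
    r"login: \d+ LOGIN FAILURES? ON (?P<tty>\S+?)(?:, (?P<name>.*))?$")
CARET_RE = re.compile(r"\^([@-_?])")             # ^[ -> ESC, ^? -> DEL
CSI_RE = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")  # ESC [ params intermediates final
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")


def decode_caret(text):
    """Turn caret notation back into raw control characters.
    Assumes the log writer rendered control characters as ^X."""
    return CARET_RE.sub(lambda m: chr(ord(m.group(1)) ^ 0x40), text)


def classify(name):
    """Return (kind, escape_sequences) for the name recorded with a failure."""
    if not name or not name.strip():
        return "no-name", []
    raw = decode_caret(name)
    seqs = [s.replace("\x1b", "ESC") for s in CSI_RE.findall(raw)]
    # Whatever is left after removing escape sequences and stray control
    # characters is text a person (or tool) actually supplied as a login name.
    leftover = CTRL_RE.sub("", CSI_RE.sub("", raw)).strip()
    return ("typed-name" if leftover else "key-noise"), seqs


def triage(log_text):
    """Return a list of (tty, kind, escape_sequences), one per failure line."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line.rstrip())
        if m:
            results.append((m.group("tty"), *classify(m.group("name"))))
    return results


if __name__ == "__main__":
    for tty, kind, seqs in triage(SAMPLE_LOG):
        print(f"{tty:6} {kind:10} {' '.join(seqs)}")
```

Entries classified as `key-noise` on a console tty match the stray-keypress explanation given in the thread; `typed-name` entries are the ones worth correlating with source address and timing.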
