From owner-freebsd-hackers Mon Aug 21 13:18:15 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id NAA08988 for hackers-outgoing; Mon, 21 Aug 1995 13:18:15 -0700
Received: from chrome.onramp.net (chrome.onramp.net [199.1.166.202]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id NAA08980 for ; Mon, 21 Aug 1995 13:18:12 -0700
Received: from localhost.jdl.com (localhost.jdl.com [127.0.0.1]) by chrome.onramp.net (8.6.11/8.6.9) with SMTP id PAA03194; Mon, 21 Aug 1995 15:17:15 -0500
Message-Id: <199508212017.PAA03194@chrome.onramp.net>
X-Authentication-Warning: chrome.onramp.net: Host localhost.jdl.com didn't use HELO protocol
To: Ade Barkah
cc: hackers@freebsd.org
Subject: Re: rlogin on illegal port
In-reply-to: Your message of "Mon, 21 Aug 1995 13:57:58 MDT." <199508211957.NAA07189@hemi.com>
Reply-To: jdl@chromatic.com
Clarity-Index: null
Threat-Level: none
Software-Engineering-Dead-Seriousness: There's no excuse for unreadable code.
Net-thought: If you meet the Buddha on the net, put him in your Kill file.
Date: Mon, 21 Aug 1995 15:17:15 -0500
From: Jon Loeliger
Sender: hackers-owner@freebsd.org
Precedence: bulk

Apparently, Ade Barkah scribbled:
> Hello,
>
> One of our FreeBSD 2.0.5 machines showed the following within
> the console messages:
>
> (date) (time) (hostname) rlogin [3643]: usage rlogind [-aln]
> (date) (time) (hostname) rlogin [3643]: Connection from 128.x.x.x
> on illegal port
>
> What exactly does it mean and do we need to be concerned about
> this? Seems like someone ran a probe on us or something.
>
> Thanks in advance,
>
> -Ade
> ps. incidentally, the machine which initiated the connection looks
> like another FreeBSD machine.

OK, I'll ponder this one with you as I got this message the other day
in /var/log/messages:

    Aug 14 18:57:52 chrome named[65]: Lame delegation to 'hemi.com' from [128.x.x.x] (server for 'hemi.com'?)
    on query on name 'hemi.com'

Notice that this involves hemi.com and I too have bleeped the from addr.
I haven't got a clue in the world what this means.

To be fair, I could easily have a *bad* DNS configuration here.
I'm working on that.

There were several such entries from different hosts. It was during
a time period when a non-FreeBSD mailing list I'm on was experiencing
some majorly flakey problems. I chalked it up to that.

Could this also be due to the FreeBSD mail-list flake the other day?

jdl