Date: Mon, 21 Aug 1995 15:17:15 -0500 From: Jon Loeliger <jdl@chrome.onramp.net> To: Ade Barkah <mbarkah@hemi.com> Cc: hackers@freebsd.org Subject: Re: rlogin on illegal port Message-ID: <199508212017.PAA03194@chrome.onramp.net> In-Reply-To: Your message of "Mon, 21 Aug 1995 13:57:58 MDT." <199508211957.NAA07189@hemi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Apparently, Ade Barkah scribbled:
> Hello,
>
> One of our FreeBSD 2.0.5 machines showed the following within
> the console messages:
>
> (date) (time) (hostname) rlogin [3643]: usage rlogind [-aln]
> (date) (time) (hostname) rlogin [3643]: Connection from 128.x.x.x
> on illegal port
>
> What exactly does it mean and do we need to be concerned about
> this ? Seems like someone ran a probe on us or something.
>
> Thanks in advance,
>
> -Ade
> ps. incidently, the machine which initiated the connection looks
> like another FreeBSD machine.
OK, I'll ponder this one with you as I got this message the other day
in /var/log/messages:
Aug 14 18:57:52 chrome named[65]: Lame delegation to 'hemi.com'
from [128.x.x.x] (server for 'hemi.com'?) on query on name 'hemi.com'
Notice that this involves hemi.com and I too have bleeped the from addr.
I haven't got a clue in the world what this means. To be fair, I
could easily have a *bad* DNS configuration here. I'm working on that.
There were several such entries from different hosts. It was during
a time period when a non-FreeBSD mailing list I'm on was experiencing
some majorly flakey problems. I chalked it up to that. Could this also
be due to the FreeBSD mail-list flake the other day?
jdl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508212017.PAA03194>