Date: Mon, 29 Apr 2002 09:43:08 +0200
From: "Patrick O'Reilly" <peri@perimeter.co.za>
To: "FreeBSD Question List" <freebsd-questions@freebsd.org>
Subject: Is this someone trying to Crack my box?
Message-ID: <004301c1ef51$84e9aa60$b50d030a@PATRICK>
Hi all,

I have picked up the following in yesterday's /var/log/messages (thank you "daily" :)

---------
Apr 28 10:17:58 dns /kernel: pid 80215 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:18:15 dns /kernel: pid 80216 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:18:32 dns /kernel: pid 80217 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:19:06 dns /kernel: pid 80219 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:19:23 dns /kernel: pid 80220 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:20:31 dns /kernel: pid 80241 (sshd), uid 0: exited on signal 11 (core dumped)
Apr 28 10:20:48 dns /kernel: pid 80250 (sshd), uid 0: exited on signal 11 (core dumped)
<snip>
Apr 28 11:07:14 dns /kernel: pid 80595 (sshd), uid 0: exited on signal 10 (core dumped)
Apr 28 11:07:29 dns /kernel: pid 80596 (sshd), uid 0: exited on signal 10 (core dumped)
Apr 28 11:07:45 dns /kernel: pid 80597 (sshd), uid 0: exited on signal 10 (core dumped)
Apr 28 11:08:01 dns /kernel: pid 80598 (sshd), uid 0: exited on signal 10 (core dumped)
Apr 28 11:08:16 dns /kernel: pid 80599 (sshd), uid 0: exited on signal 10 (core dumped)
Apr 28 11:08:32 dns /kernel: pid 80600 (sshd), uid 0: exited on signal 10 (core dumped)
---------

The message occurs 108 times. The lines above are the first few and last few only.

Is this an attempt to break in?

This box is still running 4.2-RELEASE with the standard sshd shipped with that release, though bind has been updated to BIND 9.1.3.

'last' reveals nothing untoward, but any decent root kit would take care of that, I'm sure. uptime is over 20 days, so the above attempt does not appear to have caused a restart.

Any wisdom?

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
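One way to triage crash records like the ones quoted in the post above (an added example, not part of the original message): it groups the kernel lines by process, uid and signal and reports the count, time span and median gap between crashes for each group. The function name, the `year` parameter and the sample list (lines copied from the post's excerpt plus one constructed non-crash line) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# FreeBSD kernel record for a process killed by a signal, as quoted in the post.
CRASH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s/kernel:\spid\s(?P<pid>\d+)\s"
    r"\((?P<proc>[^)]+)\),\suid\s(?P<uid>\d+):\sexited\son\ssignal\s(?P<sig>\d+)")

# Lines copied from the post's excerpt, plus one constructed non-crash line.
SAMPLE = [
    "Apr 28 10:17:58 dns /kernel: pid 80215 (sshd), uid 0: exited on signal 11 (core dumped)",
    "Apr 28 10:18:15 dns /kernel: pid 80216 (sshd), uid 0: exited on signal 11 (core dumped)",
    "Apr 28 10:18:32 dns /kernel: pid 80217 (sshd), uid 0: exited on signal 11 (core dumped)",
    "Apr 28 10:19:06 dns /kernel: pid 80219 (sshd), uid 0: exited on signal 11 (core dumped)",
    "Apr 28 10:30:00 dns named[101]: constructed line that is not a crash record",
    "Apr 28 11:07:14 dns /kernel: pid 80595 (sshd), uid 0: exited on signal 10 (core dumped)",
    "Apr 28 11:07:29 dns /kernel: pid 80596 (sshd), uid 0: exited on signal 10 (core dumped)",
    "Apr 28 11:07:45 dns /kernel: pid 80597 (sshd), uid 0: exited on signal 10 (core dumped)",
]

def summarize_crashes(lines, year=2002):
    """Group crash records by (process, uid, signal) and describe each burst."""
    groups = defaultdict(list)
    for line in lines:
        m = CRASH.match(line.strip())
        if m is None:
            continue  # ignore everything that is not a crash record
        # syslog timestamps omit the year, so the caller supplies it (assumption)
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        groups[m["proc"], int(m["uid"]), int(m["sig"])].append((when, int(m["pid"])))
    report = []
    for (proc, uid, sig), events in groups.items():
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report.append({
            "process": proc, "uid": uid, "signal": sig, "count": len(events),
            "first": times[0], "last": times[-1],
            # a near-constant gap suggests an automated, repeating trigger
            "median_gap_s": median(gaps) if gaps else None,
            "distinct_pids": len({p for _, p in events}),
        })
    return sorted(report, key=lambda r: r["first"])

if __name__ == "__main__":
    for row in summarize_crashes(SAMPLE):
        print(row)
```

Run against the full /var/log/messages, the same summary shows whether every crash belongs to one daemon and how regular the spacing is, which is the evidence to keep alongside the core files.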