From owner-freebsd-questions Wed Aug 12 00:53:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA12842 for freebsd-questions-outgoing; Wed, 12 Aug 1998 00:53:43 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from greeves.mfn.org (greeves.mfn.org [204.238.179.3]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA12813 for ; Wed, 12 Aug 1998 00:53:31 -0700 (PDT) (envelope-from sysadmin@mfn.org) Received: from noc.mfn.org (noc.mfn.org [204.238.179.35]) by greeves.mfn.org (8.8.7/8.8.7) with SMTP id CAA00599 for ; Wed, 12 Aug 1998 02:52:25 -0500 (CDT) (envelope-from sysadmin@mfn.org) Received: by noc.mfn.org with Microsoft Mail id <01BDC59B.56235200@noc.mfn.org>; Wed, 12 Aug 1998 02:45:59 -0500 Message-ID: <01BDC59B.56235200@noc.mfn.org> From: "sysadmin@mfn.org" To: "'freebsd-questions@freebsd.org'" Subject: "Intruder Alert"??? Date: Wed, 12 Aug 1998 02:45:40 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG While sniffing my network in the middle of the night, trying to figure out what the $^&*^ is going on here with the crazy NFS problems here, I got the following on my telnet login (prefaced with a couple of beeps): measl@smaug$ su -l root su: kerberos: not in root's ACL. Password: ccd /Security check: INTRUDER ALERT! Where does this *come from*? I've never seen nor heard of it before, so I have no way of trying to look at whatever triggered it (probably me, but who knows?). BTW: all looks normal in terms of who is on and where they are on (as well as what they are doing). J.A. Terranson sysadmin@mfn.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message