From owner-freebsd-questions Tue Sep 21 14:10: 4 1999 Delivered-To: freebsd-questions@freebsd.org Received: from logisticsoftware.co.nz (logisticsoftware.co.nz [202.37.163.1]) by hub.freebsd.org (Postfix) with ESMTP id 17F8014E88 for ; Tue, 21 Sep 1999 14:09:59 -0700 (PDT) (envelope-from jonc@logisticsoftware.co.nz) Received: (from jonc@localhost) by logisticsoftware.co.nz (8.9.3/8.9.3) id JAA08542; Wed, 22 Sep 1999 09:09:38 +1200 (NZST) Date: Wed, 22 Sep 1999 09:09:38 +1200 (NZST) From: Jonathan Chen To: Joe Bo Cc: freebsd-questions@FreeBSD.ORG Subject: Re: is this an attack? In-Reply-To: <2.2.32.19990921185019.0141abb8@netmail.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 21 Sep 1999, Joe Bo wrote: > Hi. I'm running FreeBSD v3.2. I have rc.firewall set > for "open" and in inetd.conf everything is commented out > except ftp, telnet, shell, login, comsat and ntalk. I > installed the tcpwrappers port but never configured it. > So I guess it isn't doing anything. > > I'm still kind of new > at this. Today I found this stuff in my > /var/log/messages file. Can anyone tell me what this > means? Is this an attack of some kind? > Should I take some kind of action to protect my machine? > Or am I being paranoid? Thanks for any insights! No, you're not paranoid. It does look like an attack; the giveaways are the user-queries and the attempt to go into debug mode via sendmail. Inform the admins at the site involved. Jonathan Chen ---------------------------------------------------------------------- "Nyuck, nyuck, nyuck!" - Curly To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message