Date: Wed, 22 Sep 1999 09:09:38 +1200 (NZST) From: Jonathan Chen <jonc@logisticsoftware.co.nz> To: Joe Bo <ibjoe@home.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: is this an attack? Message-ID: <Pine.SC5.4.10.9909220906580.8043-100000@kiwi.logisticsoftware.co.nz> In-Reply-To: <2.2.32.19990921185019.0141abb8@netmail.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Sep 1999, Joe Bo wrote:
> Hi. I'm running FreeBSD v3.2. I have rc.firewall set
> for "open" and in inetd.conf everything is commented out
> except ftp, telnet, shell, login, comsat and ntalk. I
> installed the tcpwrappers port but never configured it.
> So I guess it isn't doing anything.
>
> I'm still kind of new
> at this. Today I found this stuff in my
> /var/log/messages file. Can anyone tell me what this
> means? Is this an attack of some kind?
> Should I take some kind of action to protect my machine?
> Or am I being paranoid? Thanks for any insights!
No, you're not paranoid. It does look like an attack; the giveaways
are the user-queries and the attempt to go into debug mode via
sendmail.
Inform the admins at the site involved.
Jonathan Chen
----------------------------------------------------------------------
"Nyuck, nyuck, nyuck!" - Curly
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SC5.4.10.9909220906580.8043-100000>