Date: Wed, 22 Sep 1999 09:09:38 +1200 (NZST) From: Jonathan Chen <jonc@logisticsoftware.co.nz> To: Joe Bo <ibjoe@home.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: is this an attack? Message-ID: <Pine.SC5.4.10.9909220906580.8043-100000@kiwi.logisticsoftware.co.nz> In-Reply-To: <2.2.32.19990921185019.0141abb8@netmail.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Sep 1999, Joe Bo wrote: > Hi. I'm running FreeBSD v3.2. I have rc.firewall set > for "open" and in inetd.conf everything is commented out > except ftp, telnet, shell, login, comsat and ntalk. I > installed the tcpwrappers port but never configured it. > So I guess it isn't doing anything. > > I'm still kind of new > at this. Today I found this stuff in my > /var/log/messages file. Can anyone tell me what this > means? Is this an attack of some kind? > Should I take some kind of action to protect my machine? > Or am I being paranoid? Thanks for any insights! No, you're not paranoid. It does look like an attack; the giveaways are the user-queries and the attempt to go into debug mode via sendmail. Inform the admins at the site involved. Jonathan Chen ---------------------------------------------------------------------- "Nyuck, nyuck, nyuck!" - Curly To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SC5.4.10.9909220906580.8043-100000>