Date: Wed, 18 Aug 2004 12:54:21 +0300 From: Nikolay Pavlov <quetzal@roks.biz> To: Justin <freebsd@alt-network.com> Cc: freebsd-security@freebsd.org Subject: Re: sequences in the auth.log Message-ID: <20040818095421.GA207@roks.biz> In-Reply-To: <200408172301.28844.freebsd@alt-network.com> References: <411CCAAE.7020505@beco.hu> <200408172301.28844.freebsd@alt-network.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Justin On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote: > I'm seeing the same thing in my log. It makes me think it is a virus because > test, guest, and admin are not normal unix users. And I'm too. But I think that this is a some kind of Linux worm. The first record in my auth.log dated on Jul 23 01:48:30 Nmap identificates all hosts (already more than ten) in my auth.log as "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch" Best regards, Nikolay Pavlov.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040818095421.GA207>