Hi list,
I have a very obscure discovery:
tonight at 4:03 I got a logfile called vgetty.modem.
It is about 89301439 blocks - a very big file.
Starting at 4:03 in the morning there are a lot of efforts to
get a connection to our system via the vgetty chat.
I have the phone number and all the efforts, like passwords, with and
without crypted passwords.
Is it possible to get a connection via vgetty or not?
If not, what has happened? Are there other possibilities in Linux,
so that a process can get out of control? Maybe a bad script?
We have a connection to the internet via an Ascend router. 5 computers
have a direct connection through a hub. Only one computer has this
vgetty.modem file. But exactly this computer has had no running vgetty
before and never had a modem installed.
What I have:
Mandrake-(redhat 5.2) Linux with kernel 2.0.36; 5 PCs running Linux, 2
PCs running Windows, one Apple, one Sun Sparc 10 with RH 5.1 and one
SGI IRIS on this network tree. One Linux PC acts as a gateway for the
second network tree. But it only has one direction - to the server, not
back.
I'll send a piece of code from that vgetty.modem file, so you can see
what's happening.
If that is not a hacker, what possibilities do I have to resolve that
problem? What can it be otherwise?
Your help is very appreciated and urgently needed!!!
Bye, hans
sysadmin Business-CON'ZEPT
03/10 11:50:26 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/10 11:50:26 dem mgetty: experimental test release 1.1.14-Apr02
03/10 11:50:26 dem reading generic configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem reading program vgetty configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem reading port modem configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem check for lockfiles
03/10 11:50:26 dem locking the line
03/10 11:50:27 dem lowering DTR to reset Modem
03/10 11:50:27 dem send: \dATQ0V1H0[0d]
03/10 11:50:28 dem waiting for ``OK'' ** found **
03/10 11:50:28 dem send: ATS0=0Q0&D3&C1[0d]
03/10 11:50:28 dem waiting for ``OK'' ** found **
03/10 11:50:29 dem mdm_send: 'ATI'
03/10 11:50:29 dem USR Courier/Sportster 56k detected
03/10 11:50:29 dem mdm_send: 'ATI3'
03/10 11:50:29 dem additional info: 'Texas Instruments RK 56000 Voice Fax Rev. 4.7.30'
03/10 11:50:29 dem mdm_send: 'AT+FCLASS=2.0' -> OK
03/10 11:50:29 dem mdm_send: 'AT+FAA=1;+FCR=1' -> OK
03/10 11:50:29 dem mdm_send: 'AT+FBO=1' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FNR=1,1,1,0' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FLI="49 7473 921437"' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FCC=1,5,0,2,0,0,0,0' -> OK
03/10 11:50:30 dem detecting voice modem type
03/10 11:50:31 dem US Robotics detected
03/10 11:50:31 dem US Robotics voice modem
03/10 11:50:31 dem This is a driver beta version. V0.4.b3
03/10 11:50:32 dem VTD setup successful
##############################################################################
# another piece of code :
#############################################################################
03/11 12:50:52 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/11 12:50:52 dem mgetty: experimental test release 1.1.14-Apr02
03/11 12:50:52 dem reading generic configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem reading program vgetty configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem reading port modem configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem check for lockfiles
03/11 12:50:52 dem locking the line
03/11 12:50:53 dem WARNING: DSR is off - modem turned off or bad cable?
03/11 12:50:53 dem lowering DTR to reset Modem
03/11 12:50:54 dem send: \dATQ0V1H0[0d]
03/11 12:50:54 dem waiting for ``OK''
03/11 12:51:14 dem timeout in chat script, waiting for `OK'
03/11 12:51:14 dem init chat timed out, trying force-init-chat
03/11 12:51:14 dem send: \d[10][03]\d\d\d+++\d\d\d[0d]\dATQ0V1H0[0d]
03/11 12:51:18 dem waiting for ``OK''
03/11 12:51:38 dem timeout in chat script, waiting for `OK'
03/11 12:51:38 dem init chat failed, exiting...: Interrupted system call
03/11 12:51:38 ##### failed in mg_init_data, dev=modem, pid=25221
##############################################################################
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
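
The excerpt in the message above contains two vgetty start-ups: one that completes modem initialisation and one that times out in the init chat. As an added example (not part of the original message and not code from mgetty/vgetty), this Python script groups such a log into start-ups and reports how each one ended, which is a quick way to check whether a very large vgetty log is one failure repeating. The marker strings are taken from the excerpt; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the excerpt above (wrapped lines omitted).
SAMPLE = """\
03/10 11:50:26 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/10 11:50:26 dem locking the line
03/10 11:50:27 dem lowering DTR to reset Modem
03/10 11:50:32 dem VTD setup successful
03/11 12:50:52 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/11 12:50:53 dem WARNING: DSR is off - modem turned off or bad cable?
03/11 12:51:14 dem timeout in chat script, waiting for `OK'
03/11 12:51:38 dem init chat failed, exiting...: Interrupted system call
03/11 12:51:38 ##### failed in mg_init_data, dev=modem, pid=25221
"""

LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.*)$")
PID = re.compile(r"pid=(\d+)")

def summarize(text):
    """Group log lines into vgetty start-ups and record how each one ended."""
    runs = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # separator or fragment of a wrapped line
        stamp, msg = m.groups()
        if "vgetty:" in msg and "release" in msg:  # start-up banner opens a run
            runs.append({"start": stamp, "outcome": "unknown",
                         "warnings": [], "pid": None})
        elif not runs:
            continue  # lines before the first banner belong to no run
        elif "WARNING:" in msg:
            runs[-1]["warnings"].append(msg.split("WARNING:", 1)[1].strip())
        elif "VTD setup successful" in msg:
            runs[-1]["outcome"] = "init-ok"
        elif "failed in mg_init_data" in msg:
            runs[-1]["outcome"] = "init-failed"
            pid = PID.search(msg)
            runs[-1]["pid"] = int(pid.group(1)) if pid else None
    return runs

def outcome_counts(text):
    """Count start-ups per outcome; a log dominated by one outcome is a loop."""
    return Counter(r["outcome"] for r in summarize(text))

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["start"], r["outcome"], r["pid"], r["warnings"])
    print(dict(outcome_counts(SAMPLE)))
```

On a real file, pass the log contents to summarize() instead of SAMPLE and compare the start times of consecutive runs to see how quickly the process is being restarted.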