2.0.33 attacked!

Gerhard Mack (gmack@imag.net)
Mon, 23 Mar 1998 13:20:20 -0800 (PST)

I picked this up from a friend who's computer was attacked, the attacker
would only reveal that this is a big in 2.0.33.

Any help would be appreciated.

nasa:/var/log# tail -f messages
Feb 22 15:04:36 nasa in.rshd[442]: connect from 200.231.198.213
Feb 22 15:04:36 nasa rshd[442]: Connection from 200.231.198.213 on illegal
port
Feb 22 15:04:36 nasa in.rshd[443]: connect from 200.231.198.213
Feb 22 15:04:36 nasa rshd[443]: Connection from 200.231.198.213 on illegal
port
Feb 22 15:04:37 nasa in.rshd[444]: connect from 200.231.198.213
Feb 22 15:04:37 nasa rshd[444]: Connection from 200.231.198.213 on illegal
port
Feb 22 15:04:37 nasa in.rshd[445]: connect from 200.231.198.213
Feb 22 15:04:37 nasa rshd[445]: Connection from 200.231.198.213 on illegal
port
Feb 22 15:04:39 nasa in.rshd[447]: connect from 200.231.198.213
Feb 22 15:04:39 nasa rshd[447]: Connection from 200.231.198.213 on illegal
port

r/log# tail -f syslog
4:58:31 nasa in.telnetd[286]: refused connect from 200.231.198.213
4:58:31 nasa in.telnetd[287]: refused connect from 200.231.198.213
4:58:31 nasa in.telnetd[288]: refused connect from 200.231.198.213
4:58:31 nasa inetd[63]: telnet/tcp server failing (looping), service
terminated
4:58:31 nasa in.telnetd[289]: refused connect from 200.231.198.213
4:58:33 nasa in.telnetd[250]: refused connect from 200.231.198.213
5:01:28 nasa sendmail[76]: NOQUEUE: SYSERR(warthog): getrequests: accept:
Conne
5:03:35 nasa inetd[63]: login/tcp server failing (looping), service
terminated
5:04:38 nasa inetd[63]: shell/tcp server failing (looping), service
terminated
5:07:35 nasa inetd[63]: auth/tcp server failing (looping), service
terminated

--
Gerhard Mack
gmack@imag.net
innerfire@starchat.net


As a computer I find your faith in technology amusing. 




-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu