Hey Folks,

 There's a bit of information that you all seemed to overlook here. The
email that Ben Ocean had forwarded to the list was generated by a program
that was watching connections to his local machine.

 The email was triggered by... (read the subject.) That's right. A portmap
probe to his local machine 'thor' FROM 212.205.199.91. If you look a bit
further down in the email, you'll notice that the program also includes
remote FINGER information on the system that attempted the portmap probe.

 In this case, it was initiated by user root on 212.205.199.91... who was
currently logged into 212.205.199.91 on tty1.

 From the information that you have provided, I think it would be safe to
assume that you have NOT been hacked.

 The same holds true for the second email you sent to the list, included
below.


 Best Regards,

Joshua Hirsh
efni CONNECT
UNIX Systems Administration
[EMAIL PROTECTED]
Tel: (705) 474-3364 ext. 2557
Fax: (705) 472-9202


> >Subject: portmap attempt on thor from 212.205.199.91 (212.205.199.91)
> >
> >  [212.205.199.91]
> >  Login: root                            Name: root
> >  Directory: /root                       Shell: /bin/bash
> >  On since Sun Mar  4 00:41 (EET) on tty1   20 hours 11 minutes idle
> >       (messages off)
> >  New mail received Wed Feb 28 17:18 2001 (EET)
> >       Unread since Tue Feb 13 23:55 2001 (EET)
> >  No Plan.


>Subject: portmap attempt on thor from 211.57.229.2 (211.57.229.2)
>
>  [211.57.229.2]
>  Login: operator                        Name: operator
>  Directory: /root                       Shell: /bin/sh
>  On since Mon Mar  5 13:13 (KST) on pts/1 from 21dial234.xnet.ro
>     19 seconds idle
>  On since Mon Mar  5 13:23 (KST) on pts/2 from 21dial234.xnet.ro
>     12 minutes 19 seconds idle
>  Last login Mon Mar  5 13:23 (KST) on 2 from 21dial234.xnet.ro
>  No mail.
>  No Plan.
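
An added example, not part of the original message or of the alerting program: a small Python parser that turns an alert of the shape quoted above (subject line plus finger output) into a structured record for triage. The function names and the sample alert are assumptions; the sample uses a constructed documentation address and hostname.

```python
import re

SUBJECT_RE = re.compile(
    r"Subject:\s*(?P<service>\S+) attempt on (?P<target>\S+) from (?P<source>\S+)")
LOGIN_RE = re.compile(r"Login:\s*(?P<login>\S+)")
SHELL_RE = re.compile(r"Shell:\s*(?P<shell>\S+)")
SESSION_RE = re.compile(r"On since .*? on (?P<tty>\S+)(?:\s+from (?P<origin>\S+))?")

def parse_alert(text):
    """Parse one forwarded alert: who was probed, from where, and who was logged in there."""
    alert = {"service": None, "target": None, "source": None, "accounts": []}
    for raw in text.splitlines():
        line = re.sub(r"^[>\s]+", "", raw)  # drop mail quote markers and indentation
        m = SUBJECT_RE.match(line)
        if m:
            alert.update(m.groupdict())
            continue
        m = LOGIN_RE.match(line)
        if m:  # each "Login:" line starts a new finger entry
            alert["accounts"].append({"login": m["login"], "shell": None, "sessions": []})
            continue
        if not alert["accounts"]:
            continue
        account = alert["accounts"][-1]
        m = SHELL_RE.search(line)
        if m:
            account["shell"] = m["shell"]
        m = SESSION_RE.match(line)
        if m:  # origin is None for a console login such as tty1
            account["sessions"].append({"tty": m["tty"], "origin": m["origin"]})
    return alert

def remote_origins(alert):
    """Hosts from which users were logged in to the probing machine."""
    return sorted({s["origin"] for a in alert["accounts"]
                   for s in a["sessions"] if s["origin"]})

# Constructed sample in the same layout as the quoted alerts (not real data).
SAMPLE = """\
>Subject: portmap attempt on thor from 192.0.2.10 (192.0.2.10)
>
>  [192.0.2.10]
>  Login: operator                        Name: operator
>  Directory: /root                       Shell: /bin/sh
>  On since Mon Mar  5 13:13 (KST) on pts/1 from dialup.example.net
>     19 seconds idle
>  On since Mon Mar  5 13:23 (KST) on tty1   2 minutes idle
>  No Plan.
"""

if __name__ == "__main__":
    print(parse_alert(SAMPLE), remote_origins(parse_alert(SAMPLE)))
```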




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
