Hi Mike,
> I'd ask, however, for clarification from Ben, as to whether or not user
> "operator" has a password, no password at all, or the normal "*" in the
> password field.
If I understand Joshua correctly, this is finger information about the
attempting system. It seems as if that system (=211.57.229.2) is hacked and
remotely controlled by user operator on a pts from 21dial234.xnet.ro.
The mail about the other attempt indicates a direct attempt by user root who
is logged in on tty1 on the remote system.
> > >Subject: portmap attempt on thor from 211.57.229.2 (211.57.229.2)
> > >
> > > [211.57.229.2]
> > > Login: operator Name: operator
> > > Directory: /root Shell: /bin/sh
> > > On since Mon Mar 5 13:13 (KST) on pts/1 from 21dial234.xnet.ro
By the way, a little snipping is allright... TIA.
Bye,
Leonard.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
