Strange login from /usr/bin/gnome-session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi!

Just out of curiosity I ran "last -i" on my debian sarge and it came out
with an interesting output:

$ last -i
tadej    pts/7        0.0.0.0          Wed Oct 26 13:33   still logged
in
tadej    pts/6        0.0.0.0          Mon Oct 24 08:35 - 13:33 (2
+04:58)
tadej    pts/5        0.0.0.0          Mon Oct 24 08:35   still logged
in
tadej    pts/4        0.0.0.0          Mon Oct 24 08:35   still logged
in
tadej    pts/3        0.0.0.0          Mon Oct 24 08:35   still logged
in
tadej    pts/2        0.0.0.0          Mon Oct 24 08:35   still logged
in
tadej    pts/1        0.0.0.0          Mon Oct 24 08:35   still logged
in
tadej    pts/0        0.0.0.0          Mon Oct 24 08:20   still logged
in
tadej    :0           18.205.3.64      Mon Oct 24 08:19   still logged
in
reboot   system boot  0.0.0.0          Mon Oct 24 08:19         (3
+03:03)
root     tty3         0.0.0.0          Fri Oct 21 16:19 - 16:19  (00:00)
tadej    pts/7        0.0.0.0          Thu Oct 20 08:54 - 09:18  (00:24)
tadej    pts/8        0.0.0.0          Mon Oct 17 09:54 - 11:00  (01:05)
tadej    pts/8        0.0.0.0          Mon Oct 17 09:43 - 09:44  (00:01)
tadej    pts/6        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/5        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/4        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/3        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/2        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/1        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    pts/0        0.0.0.0          Mon Oct 17 08:28 - down  (4
+07:52)
tadej    :0           18.205.3.64      Mon Oct 17 08:27 - down  (4
+07:53)
reboot   system boot  0.0.0.0          Mon Oct 17 08:27         (4
+07:53)


Strange, somebody from 18.205.3.64 logged on my system? And I don't run
any server program (at least not accesible from outside my firewall).
And as I understand :0 stands for local login?


$ who -a
                        Oct 24 08:19               369 id=si    term=0
exit=0
           system boot  Oct 24 08:19
           run-level 2  Oct 24 08:19                   last=S
                        Oct 24 08:19              4033 id=l2    term=0
exit=0
LOGIN      tty1         Oct 24 08:19              4404 id=1
LOGIN      tty2         Oct 24 08:19              4406 id=2
LOGIN      tty3         Oct 24 08:19              4407 id=3
LOGIN      tty4         Oct 24 08:19              4408 id=4
LOGIN      tty5         Oct 24 08:19              4410 id=5
LOGIN      tty6         Oct 24 08:19              4434 id=6
tadej    ? :0           Oct 24 08:19   ?          4629
tadej    + pts/0        Oct 24 08:20 21:16        4725 (:0.0)
tadej    + pts/1        Oct 24 08:35 00:06        4725 (:0.0)
tadej    + pts/2        Oct 24 08:35 00:12        4725 (:0.0)
tadej    + pts/3        Oct 24 08:35 00:06        4725 (:0.0)
tadej    + pts/4        Oct 24 08:35  staro       4725 (:0.0)
tadej    + pts/5        Oct 24 08:35 00:14        4725 (:0.0)
           pts/6        Oct 26 13:33                 0 id=/6    term=0
exit=0
tadej    + pts/7        Oct 26 13:33   .          4725 (:0.0)

$ ps p4629
  PID TTY      STAT   TIME COMMAND
 4629 ?        Ss     0:08 /usr/bin/gnome-session



There's no DNS for 18.205.3.64 and it belongs to MIT:

NetRange:   18.0.0.0 - 18.255.255.255
CIDR:       18.0.0.0/8
NetName:    MIT
NetHandle:  NET-18-0-0-0-1


And no record of 18.205.3.64 in any log, no netflow data from or to this
IP, google has no record of it.

Anybody have any idea how and where it came from?


Regards, Tadej

_______________________________________________
gnome-list mailing list
gnome-list@xxxxxxxxx
http://mail.gnome.org/mailman/listinfo/gnome-list
[Index of Archives]     [Fedora Desktop]     [Trinity Users]     [KDE]     [Gimp]     [Yosemite News]

  Powered by Linux