I went to whois and found the location of the offenders. I had another attack form a different source: ftpd[8877]: getpeername (in.ftpd): Transport endpoint is not connected telenetllc03.erols.com I just added the following line to /etc/hosts.deny. Will it stop any of the attacks? in.telnetd, in.ftpd, in.tftpd, in.fingerd: ALL EXCEPT LOCAL, .[domain].net > SoloCDM wrote: > > > > My messages file shows "telnetd[21882]: ttloop: peer died: Invalid or > > incomplete multibyte or wide character" and my tcpdump file shows the > > consistent IP outside intruder as 198.79.30.20. What exactly > > happened? Is my system infected, affected, or what? ********************************************************************* Signed, SoloCDM - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
