Hello Whomever , Start here It should be able to give you enough to pull together what you need , Particularly the other URL pointers . Hth , JimL http://bastille-linux.sourceforge.net/ On Sat, 2 Sep 2000, SoloCDM wrote: > I went to whois and found the location of the offenders. > I had another attack form a different source: > ftpd[8877]: getpeername (in.ftpd): Transport endpoint is not connected > telenetllc03.erols.com > I just added the following line to /etc/hosts.deny. Will it stop any > of the attacks? > in.telnetd, in.ftpd, in.tftpd, in.fingerd: ALL EXCEPT LOCAL, > .[domain].net > > SoloCDM wrote: > > > My messages file shows "telnetd[21882]: ttloop: peer died: Invalid or > > > incomplete multibyte or wide character" and my tcpdump file shows the > > > consistent IP outside intruder as 198.79.30.20. What exactly > > > happened? Is my system infected, affected, or what? +----------------------------------------------------------------+ | James W. Laferriere | System Techniques | Give me VMS | | Network Engineer | 25416 22nd So | Give me Linux | | babydr@baby-dragons.com | DesMoines WA 98198 | only on AXP | +----------------------------------------------------------------+ - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
