RE: What do these log entries mean?

Hi Philip,

You might want to check if you're not able to access telnet from -inside-
your machine as well, or are you sure you've commented it out in
/etc/inetd.conf? You as well might want to check for other,
suspicious-looking, failed login attempts or, in case you run snort or
Portsentry, portprobes.

Best regards,
	Chris "raz" Hoogenboezem
	http://w.digitalcraze.nl

-----Original Message-----
From: security-discuss-bounce@xxxxxxxxxxxxxxxxx
[mailto:security-discuss-bounce@xxxxxxxxxxxxxxxxx]On Behalf Of Philip Mak
Sent: Wednesday, April 30, 2003 4:01
To: security-discuss@xxxxxxxxxxxxxxxxx
Subject: What do these log entries mean?


Apr 29 17:37:08 lina telnetd[15972]: Connect from 200.163.59.156
Apr 29 17:37:09 lina telnetd[15972]: ttloop: retrying
Apr 29 17:37:09 lina last message repeated 1474 times

That was in /var/log/messages. Then at 17:37:10, there was an
unauthorized login to the "nobody" account.

Also:

Apr 29 16:52:54 lina telnetd[5427]: Connect from 200.163.59.156
Apr 29 16:52:58 lina telnetd[5427]: ttloop: retrying
Apr 29 16:52:59 lina last message repeated 28989 times

And there was an unauthorized login to "nobody" at 16:53:00 too.

And I don't have telnet enabled on my server (I tried telnetting to
double-check, and got Connection refused as expected), so I'm confused
as to why it says "telnetd". Anyone have an idea how he's getting in
to my server?
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
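
An added example, not part of either message above: a small Python triage script that groups telnetd syslog lines by PID, folds each "last message repeated N times" line into the message it follows, and lists sessions with a burst of "ttloop: retrying" entries next to their source address. The sample input is constructed from the lines quoted in the thread; the function names and the threshold of 100 are assumptions.

```python
import re
from collections import OrderedDict

# Constructed sample: the six lines quoted in the thread, in time order.
SAMPLE = """\
Apr 29 16:52:54 lina telnetd[5427]: Connect from 200.163.59.156
Apr 29 16:52:58 lina telnetd[5427]: ttloop: retrying
Apr 29 16:52:59 lina last message repeated 28989 times
Apr 29 17:37:08 lina telnetd[15972]: Connect from 200.163.59.156
Apr 29 17:37:09 lina telnetd[15972]: ttloop: retrying
Apr 29 17:37:09 lina last message repeated 1474 times
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*)$")
TELNETD = re.compile(r"^telnetd\[(\d+)\]: (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")

def telnetd_sessions(text):
    """Return {(host, pid): {src, retries, first, last}} for telnetd lines."""
    sessions = OrderedDict()
    prev = {}  # host -> (pid, was_retry) for the previous line, or None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, host, rest = m.groups()
        rep = REPEAT.match(rest)
        if rep:  # syslog compression: applies to the line just before it
            if prev.get(host) and prev[host][1]:
                s = sessions[(host, prev[host][0])]
                s["retries"] += int(rep.group(1))
                s["last"] = stamp
            continue
        t = TELNETD.match(rest)
        if not t:
            prev[host] = None  # some other daemon logged in between
            continue
        pid, msg = t.groups()
        s = sessions.setdefault(
            (host, pid), {"src": None, "retries": 0, "first": stamp, "last": stamp})
        s["last"] = stamp
        if msg.startswith("Connect from "):
            s["src"] = msg.split()[-1]
        retry = msg == "ttloop: retrying"
        s["retries"] += retry
        prev[host] = (pid, retry)
    return sessions

def noisy(sessions, threshold=100):  # threshold is an assumed cut-off
    return [(pid, s["src"], s["retries"], s["first"], s["last"])
            for (_, pid), s in sessions.items() if s["retries"] >= threshold]

if __name__ == "__main__":
    for row in noisy(telnetd_sessions(SAMPLE)):
        print("pid=%s src=%s retries=%d window=%s .. %s" % row)
```

The first/last timestamps of each flagged session give the window to compare against login records for the same host.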
