VanLUG Email Archive
Alex Harford (alexh@dowco.com)
Wed, 13 Jan 1999 21:01:01 -0800 (PST)
In reply to the statement (I forget who said it, and I nuked the message)
this seems to also be true for people who are on IRC in the #linux or
#linuxos channels. I use a modem for my connection...
I noticed something *very* suspicious in my /var/log/syslog the other day.
It read:
Jan 7 13:02:21 lenin in.rshd[13500]: connect from unknown
Jan 7 13:02:53 lenin in.rshd[13504]: connect from 128.52.38.212
Jan 7 13:02:55 lenin rshd[13504]: rsh denied to root@lv02.ai.mit.edu as root: cmd='ls -al ~/.rhosts'; Permission denied.
Hmmm... I wonder. I e-mailed postmaster@ai.mit.edu (sh-utils comes from
there. Coincidence?) who replied that they had a breakin. I got to
wondering how this guy got my IP address. I had a closer look, and there
was an ident lookup from an Undernet server I connected to earlier that
day to ask a question about AfterStep. Crazy stuff :) This is the first
attempt made on my box <g>.
------------------------------------------------------------------------
Alex Harford Alcohol and calculus don't mix.
http://www.dowco.com/~alexh Don't drink and derive.
alexh@dowco.com
This archive was generated by hypermail 2.0b3 on Wed 13 Jan 1999 - 21:09:01 PST