[NTLUG:Discuss] Have I been hacked?
David Stanaway
david at stanaway.net
Wed Apr 10 02:33:59 CDT 2002
On Wed, 2002-04-10 at 00:20, Bobby Sanders wrote:
> On April 5th LogWatch shows:
>
> Connections:
> Service in.telnetd:
> 216.139.215.3: 1 Time(s)
>
> On April 9th LogWatch shows:
>
> --------------------- sendmail Begin ------------------------
>
> 676590 bytes transferred
> 96 messages sent
>
> **Unmatched Entries**
>
> gethostbyaddr(206.50.48.104) failed: 2
>
> ---------------------- sendmail End -------------------------
>
> I've never sent 96 messages at once on purpose. (This machine is not
> on a local area network.)
Do you have an open relay?
(Sorry, I don't use sendmail, so I don't know the relay settings in the
sendmail config off the top of my head)
Are there exploits for your version of telnetd? I haven't heard of any
exploits for telnetd recently (Other than tcpdump). Look at your wtmp logs
last -f /var/log/wtmp.1 etc. for around the time of the telnet login to
see who logged in, and where from.
That's a start anyway.
--
David Stanaway
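The wtmp check suggested in the reply above, as an added example that is not part of the original post: a small filter over `last` output that lists sessions from the address LogWatch reported for in.telnetd. The function name, the sample user name and the sample `last` lines are constructed for illustration; it assumes `last` is run with `-i` so the third column is a numeric address.

```shell
#!/bin/sh
# Added example (not from the original thread).
# sessions_from ADDR [MONTH DAY]
#   Reads `last -i` output on stdin and prints "user tty weekday month day time"
#   for every session whose remote address is ADDR, optionally limited to one day.
sessions_from() {
    awk -v addr="$1" -v mon="$2" -v day="$3" '
        # Column 3 is the remote address when last is run with -i.
        # Reboot records and the "wtmp begins" trailer never match an address.
        $3 == addr && (mon == "" || $5 == mon) && (day == "" || $6 == day) {
            print $1, $2, $4, $5, $6, $7
        }
    '
}

# Constructed sample of `last -i -f /var/log/wtmp.1` output; the user name
# and the times are invented, the address is the one in the LogWatch report.
sample_last_output() {
    cat <<'EOF'
alice    pts/1        216.139.215.3    Fri Apr  5 14:02 - 14:10  (00:08)
alice    tty1         0.0.0.0          Fri Apr  5 09:15 - 17:40  (08:25)
alice    pts/0        216.139.215.3    Tue Apr  2 20:31 - 20:33  (00:02)
reboot   system boot  0.0.0.0          Mon Apr  1 08:00 - 17:45  (09:45)

wtmp.1 begins Mon Apr  1 08:00:12 2002
EOF
}

# On a live system the input would come from the rotated log instead:
#   last -i -f /var/log/wtmp.1 | sessions_from 216.139.215.3 Apr 5
sample_last_output | sessions_from 216.139.215.3 Apr 5
```

An account name in the output that nobody recognises, or a known account logging in from that address at a time its owner cannot explain, is the thing to follow up.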