[NTLUG:Discuss] suspicious output from "last -d" command

Ed Leach ntlug at levelofdetail.com
Wed Oct 31 11:48:48 CDT 2007 

Eric Schnoebelen wrote:

> I would suggest using `-a' to place the IP address/hostname at the
> end of the output line, and then adding `-d' to have it resolve
> the IP addresses into hostnames.
> 

Thanks for the replies to this thread.

I took Eric's advice (last -a -d) and got the output below. (User and
date columns deleted for readability. The user was always my user name.)

This does look scary to me!

On my reinstalled system I'm checking last very often.

Ed

----------------------

system boot    (05:07)     jensch-ether-8.Informatik.Uni-Oldenburg.DE
pts/0          (09:42)     50.232.7.0
pts/0          (02:47)     21.226.7.0
pts/0          (00:00)     62.92.8.0
:0             (12:40)     localhost
system boot    (12:40)     40.123.8.0
pts/0          (06:03)     174.42.15.0
pts/0          (00:03)     21.193.4.0
:0             (10:25)     localhost
system boot    (10:25)     118.143.5.0
pts/1          (06:23)     0-2.1-85.cust.bluewin.ch
pts/1          (00:02)     8.81.13.0
pts/1          (00:37)     107.68.4.0
pts/0         (1+01:36)    224.95.9.0
:0            (1+08:26)    localhost
system boot   (1+08:27)    21.127.7.0
:0             (11:09)     localhost
system boot    (11:09)     c-75-65-2-0.hsd1.tn.comcast.net
:0             (03:52)     localhost
system boot    (03:52)     84.116.7.0
pts/1          (06:05)
reserved-multicast-range-NOT-delegated.example.com
pts/0          (06:28)     153.246.10.0
:0             (06:41)     localhost
system boot    (06:42)     167.142.13.0
pts/0          (19:29)     0.sub-72-127-5.myvzw.com
:0            (1+02:40)    localhost
system boot   (1+02:40)    178.62.7.0
pts/4          (03:02)     182.5.14.0
pts/1          (03:33)     122x215x1x0.ap122.ftth.ucom.ne.jp
pts/4          (00:38)     localhost
pts/3          (04:05)     ALille-253-1-3-net.w90-7.abo.wanadoo.fr
pts/2          (04:24)     153.220.6.0
pts/1          (02:14)     176.239.11.0
pts/0          (10:36)     0.sub-72-110-14.myvzw.com
:0             (11:09)     localhost
system boot    (11:10)     238.56.11.0
pts/1          (00:09)     207.53.6.0
pts/3          (00:26)     185.155.6.0
pts/2          (06:00)     38.117.4.0
pts/1          (03:08)     27.46.1.0
pts/0          (07:42)     179.15.13.0
:0             (08:01)     localhost
system boot    (08:01)
reserved-multicast-range-NOT-delegated.example.com
pts/1          (03:11)     46.30.5.0
pts/1          (00:00)     125.91.9.0
pts/0          (10:09)     n003-000-000-000.static.ge.com
:0             (10:11)     localhost
system boot    (10:11)     56.39.5.0
pts/0          (00:04)     0.Red-88-20-4.staticIP.rima-tde.net
:0             (06:14)     localhost
system boot    (06:14)     105.23.9.0
:0             (00:01)     localhost
system boot    (00:01)     112.109.8.0
pts/0          (00:03)     224.153.10.0
:0             (00:23)     localhost
system boot    (00:23)     136.49.13.0
pts/2          (05:13)     34.216.6.0
pts/1          (05:13)     26.76.1.0
pts/0          (07:40)     52.36.15.0
:0             (08:51)     localhost
system boot    (08:51)     168.254.5.0
pts/0          (05:57)     85-156-2-0.elisa-mobile.fi
:0             (06:06)     localhost
system boot    (06:07)     101.63.8.0
:0             (08:49)     localhost
system boot    (08:49)     254.79.8.0
pts/1          (02:29)     213.76.12.0
pts/0          (09:36)     1.167.6.0
:0             (10:15)     localhost
system boot    (10:16)     193.54.2.0
pts/0          (07:38)
reserved-multicast-range-NOT-delegated.example.com
:0             (07:52)     localhost
system boot    (07:52)     103.80.4.0
pts/5          (04:59)     155.52.6.0
pts/4          (00:20)     175.203.8.0
pts/3          (00:21)     15.253.12.0
pts/2          (09:19)     99.59.4.0
pts/1          (10:04)     101.61.1.0
pts/0          (10:26)     softbank126009009000.bbtec.net

More information about the Discuss mailing list