[NTLUG:Discuss] suspicious output from "last -d" command
Eric Waguespack
ewaguespack at gmail.com
Wed Oct 31 12:18:39 CDT 2007
in addition to last, the commands 'w' and 'who' show you who is
currently on your system.
but the bottom line is that people cannot be logging into a freshly
installed system unless you installed a service that allows logins,
such as telnet, ssh, ftp, etc... Ubuntu has a closed by default port
policy.
On 10/31/07, Ed Leach <ntlug at levelofdetail.com> wrote:
> Eric Schnoebelen wrote:
>
> > I would suggest using `-a' to place the IP address/hostname at the
> > end of the output line, and then adding `-d' to have it resolve
> > the IP addresses into hostnames.
> >
>
> Thanks for the replies to this thread.
>
> I took Eric's advice (last -a -d) and got the output below. (User and
> date columns deleted for readability. The user was always my user name.)
>
> This does look scary to me!
>
> On my reinstalled system I'm checking last very often.
>
> Ed
>
> ----------------------
>
> system boot (05:07) jensch-ether-8.Informatik.Uni-Oldenburg.DE
> pts/0 (09:42) 50.232.7.0
> pts/0 (02:47) 21.226.7.0
> pts/0 (00:00) 62.92.8.0
> :0 (12:40) localhost
> system boot (12:40) 40.123.8.0
> pts/0 (06:03) 174.42.15.0
> pts/0 (00:03) 21.193.4.0
> :0 (10:25) localhost
> system boot (10:25) 118.143.5.0
> pts/1 (06:23) 0-2.1-85.cust.bluewin.ch
> pts/1 (00:02) 8.81.13.0
> pts/1 (00:37) 107.68.4.0
> pts/0 (1+01:36) 224.95.9.0
> :0 (1+08:26) localhost
> system boot (1+08:27) 21.127.7.0
> :0 (11:09) localhost
> system boot (11:09) c-75-65-2-0.hsd1.tn.comcast.net
> :0 (03:52) localhost
> system boot (03:52) 84.116.7.0
> pts/1 (06:05)
> reserved-multicast-range-NOT-delegated.example.com
> pts/0 (06:28) 153.246.10.0
> :0 (06:41) localhost
> system boot (06:42) 167.142.13.0
> pts/0 (19:29) 0.sub-72-127-5.myvzw.com
> :0 (1+02:40) localhost
> system boot (1+02:40) 178.62.7.0
> pts/4 (03:02) 182.5.14.0
> pts/1 (03:33) 122x215x1x0.ap122.ftth.ucom.ne.jp
> pts/4 (00:38) localhost
> pts/3 (04:05) ALille-253-1-3-net.w90-7.abo.wanadoo.fr
> pts/2 (04:24) 153.220.6.0
> pts/1 (02:14) 176.239.11.0
> pts/0 (10:36) 0.sub-72-110-14.myvzw.com
> :0 (11:09) localhost
> system boot (11:10) 238.56.11.0
> pts/1 (00:09) 207.53.6.0
> pts/3 (00:26) 185.155.6.0
> pts/2 (06:00) 38.117.4.0
> pts/1 (03:08) 27.46.1.0
> pts/0 (07:42) 179.15.13.0
> :0 (08:01) localhost
> system boot (08:01)
> reserved-multicast-range-NOT-delegated.example.com
> pts/1 (03:11) 46.30.5.0
> pts/1 (00:00) 125.91.9.0
> pts/0 (10:09) n003-000-000-000.static.ge.com
> :0 (10:11) localhost
> system boot (10:11) 56.39.5.0
> pts/0 (00:04) 0.Red-88-20-4.staticIP.rima-tde.net
> :0 (06:14) localhost
> system boot (06:14) 105.23.9.0
> :0 (00:01) localhost
> system boot (00:01) 112.109.8.0
> pts/0 (00:03) 224.153.10.0
> :0 (00:23) localhost
> system boot (00:23) 136.49.13.0
> pts/2 (05:13) 34.216.6.0
> pts/1 (05:13) 26.76.1.0
> pts/0 (07:40) 52.36.15.0
> :0 (08:51) localhost
> system boot (08:51) 168.254.5.0
> pts/0 (05:57) 85-156-2-0.elisa-mobile.fi
> :0 (06:06) localhost
> system boot (06:07) 101.63.8.0
> :0 (08:49) localhost
> system boot (08:49) 254.79.8.0
> pts/1 (02:29) 213.76.12.0
> pts/0 (09:36) 1.167.6.0
> :0 (10:15) localhost
> system boot (10:16) 193.54.2.0
> pts/0 (07:38)
> reserved-multicast-range-NOT-delegated.example.com
> :0 (07:52) localhost
> system boot (07:52) 103.80.4.0
> pts/5 (04:59) 155.52.6.0
> pts/4 (00:20) 175.203.8.0
> pts/3 (00:21) 15.253.12.0
> pts/2 (09:19) 99.59.4.0
> pts/1 (10:04) 101.61.1.0
> pts/0 (10:26) softbank126009009000.bbtec.net
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list