Re: sequences in the auth.log
From: Devon H. O'Dell (dodell_at_sitetronics.com)
Date: 08/18/04
- Previous message: Nikolay Pavlov: "Re: sequences in the auth.log"
- In reply to: Nikolay Pavlov: "Re: sequences in the auth.log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 Aug 2004 11:56:49 +0200 To: Nikolay Pavlov <quetzal@roks.biz>, Justin <freebsd@alt-network.com>, freebsd-security@freebsd.org
Nikolay Pavlov <quetzal@roks.biz> scribbled:
> Hi, Justin
>
> On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote:
> > I'm seeing the same thing in my log. It makes me think it is a virus because
> > test, guest, and admin are not normal unix users.
>
> And I'm too. But I think that this is a some kind of Linux worm.
> The first record in my auth.log dated on Jul 23 01:48:30
> Nmap identificates all hosts (already more than ten) in my auth.log as
> "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch"
>
> Best regards,
> Nikolay Pavlov.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
This has recently and fully been discussed on the full-disclosure
mailing list.
-- Kind regards, Devon H. O'Dell | dodell@sitetronics.com Key: 4D3D8CA7 | IRC: bofh@WhatNET thebofh@efnet
- application/pgp-signature attachment: stored
- Previous message: Nikolay Pavlov: "Re: sequences in the auth.log"
- In reply to: Nikolay Pavlov: "Re: sequences in the auth.log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
