Re: identd log entries
From: Tim Haynes (usenet-20040330_at_stirfried.vegetable.org.uk)
Date: 03/30/04
- Next message: /dev/rob0: "Re: identd log entries"
- Previous message: Matthias Czapla: "Re: encryption programs"
- In reply to: /dev/rob0: "identd log entries"
- Next in thread: /dev/rob0: "Re: identd log entries"
- Reply: /dev/rob0: "Re: identd log entries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Mar 2004 20:58:39 +0100
"/dev/rob0" <rob0@gmx.co.uk> writes:
> I found in my syslog a large number of identd entries like this one,
> beginning a fortnight ago:
> #v+
> Mar 15 11:06:48 room101 in.identd[12875]: reply to x.y.z.14: 3258 , 25 : ERROR: UNKNOWN-ERROR
> #v-
> There tend to be several listings for each IP address, clustered
> together, with a wide variety of IP addresses overall. Sometimes the
> first 2-3 quads are similar in different IP addresses.
>
> Any ideas? Have I been cracked? :) (PS: I already know what it was; just
> testing for responses I get. :)
Yes, you must disconnect the box NOW and perform a full audit. Do not plug
it back in until you're sure it's clean. In fact, it's time you got Mark to
reinstall the box for you...
~Tim
-- No more sun, No more wind |piglet@stirfried.vegetable.org.uk Only this strange feeling |http://spodzone.org.uk/cesspit/ Living without moving |
- Next message: /dev/rob0: "Re: identd log entries"
- Previous message: Matthias Czapla: "Re: encryption programs"
- In reply to: /dev/rob0: "identd log entries"
- Next in thread: /dev/rob0: "Re: identd log entries"
- Reply: /dev/rob0: "Re: identd log entries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
