Re: Why does an ip resolving to Genuity appear in my /var/log/wtmp?

From: Barry Margolin (barmar@genuity.net)
Date: 01/23/03 

From: Barry Margolin <barmar@genuity.net>
Date: Thu, 23 Jan 2003 15:35:12 GMT

In article <b0o5si$jfj$1@dolly.uninett.no>,
Frank Ove Limstrand <Frank.Limstrand@nb.no> wrote:
>last -adix on my RH 8.0 gives me this:
>
>frankl pts/3 Thu Jan 16 09:35 - 11:30 (01:54) 0.0.0.0
>frankl pts/2 Thu Jan 16 09:35 - 15:54 (5+06:19) 0.0.0.0
>frankl pts/1 Thu Jan 16 09:35 still logged in 0.0.0.0
>frankl :0 Thu Jan 16 08:51 still logged in 136.46.1.64
>root tty1 Thu Jan 16 08:49 - 08:50 (00:01) 0.0.0.0
>runlevel (to lvl 5) Thu Jan 16 08:38 - 08:25 (6+23:47) 0.0.0.0
>reboot system boot Thu Jan 16 08:38 (6+23:47) 0.0.0.0
>frankl :0 Thu Jan 16 08:26 - crash (00:12) 136.46.1.64
>root tty1 Thu Jan 16 08:24 - crash (00:13) 0.0.0.0
>
>Does the output from last -adix on your system look like this at all?
>Especially the ":0" lines? Is those the only lines where you find
>mysterious ip-addresses?
>
>The 136.46.1.64 address is not one of ours.

:0 means an xterm window on the local host. It looks to me like xterm is
putting garbage in /var/log/wtmp when it does this, and then last is trying
to interpret the garbage as an IP address. 

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.