From owner-freebsd-questions  Fri Feb 21  8:19:20 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 375DF37B405
	for <freebsd-questions@freebsd.org>; Fri, 21 Feb 2003 08:19:18 -0800 (PST)
Received: from mailout09.sul.t-online.com (mailout09.sul.t-online.com [194.25.134.84])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5D15143FBD
	for <freebsd-questions@freebsd.org>; Fri, 21 Feb 2003 08:19:17 -0800 (PST)
	(envelope-from 520023893678-0001@t-online.de)
Received: from fwd06.sul.t-online.de 
	by mailout09.sul.t-online.com with smtp 
	id 18mFtL-00052r-06; Fri, 21 Feb 2003 17:19:15 +0100
Received: from pD9017231.dip.t-dialin.net (520023893678-0001@[217.1.114.49]) by fwd06.sul.t-online.com
	with esmtp id 18mFt4-05mqp6C; Fri, 21 Feb 2003 17:18:58 +0100
Date: Fri, 21 Feb 2003 17:18:59 +0100 (CET)
From: 520023893678-0001@t-online.de (P. U. Kruppa)
Reply-To: "P.U.Kruppa" <root@pukruppa.de>
To: freebsd-questions@FreeBSD.ORG
Subject: Security Problem (?): strange logs 
Message-ID: <20030221171200.N254@small.pukruppa.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
X-Sender: 520023893678-0001@t-dialin.net
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hi,

browsing my /var/log directory I found many files like these

              -----------------------------
(...)
log.=C4__=EE=C5=CD3
log._=E7___=C4
log.a0035934
log.aditi
log.alevrius_
log.alevrius_.old
log.amanda
log.amd
log.amul
log.andreas
log.ang_1730
log.angelas
log.aps-02
log.armoire
log.atpvpn
log.austinserver
log.b-64ku99an2lr25
log.baer1
log.banquet
log.barb
log.bd20g
log.gigantti-o13mbj
log.gustavo
log.gustavo.old
log.howell
log.huntfin
log.i3r1r7
log.ibm all in one

=09=09----------------------------------

Most of them are empty, some of them contain messages like this

=09=09---------------------------------

(...)
[2003/02/21 17:14:30, 0] smbd/service.c:make_connection(252)
  gustavo (80.100.23.30) couldn't find service c

               ---------------------------------

Do I have any serious security problem, or are these some
script kiddies ?

Regards,

Uli.

+-----------------------------------+
|        Peter Ulrich Kruppa        |
|          -  Wuppertal -           |
|              Germany              |
+-----------------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message