From owner-freebsd-questions  Wed Aug 12 02:32:51 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA28877
          for freebsd-questions-outgoing; Wed, 12 Aug 1998 02:32:51 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from notabene.zer0.org (sac-port290.jps.net [209.63.247.55])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA28860
          for <freebsd-questions@FreeBSD.ORG>; Wed, 12 Aug 1998 02:32:46 -0700 (PDT)
          (envelope-from gsutter@n1.dyn.ml.org)
Received: (from gsutter@localhost)
	by notabene.zer0.org (8.8.7/8.8.8) id CAA11095;
	Wed, 12 Aug 1998 02:31:55 -0700 (PDT)
	(envelope-from gsutter)
Message-ID: <19980812023154.D10322@notabene.zer0.org>
Date: Wed, 12 Aug 1998 02:31:54 -0700
From: Gregory Sutter <gsutter@pobox.com>
To: "sysadmin@mfn.org" <sysadmin@mfn.org>,
        "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: "Intruder Alert"???
References: <01BDC59B.56235200@noc.mfn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
In-Reply-To: <01BDC59B.56235200@noc.mfn.org>; from sysadmin@mfn.org on Wed, Aug 12, 1998 at 02:45:40AM -0500
Organization: Zer0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Aug 12, 1998 at 02:45:40AM -0500, sysadmin@mfn.org wrote:
> While sniffing my network in the middle of the night,
> trying to figure out what the $^&*^ is going on here
> with the crazy NFS problems here, I got the following
> on my telnet login (prefaced with a couple of beeps):
> 
> measl@smaug$ su -l root
> su: kerberos: not in root's ACL.
> Password:
> ccd /Security check: INTRUDER ALERT!      
> 
> Where does this *come from*?  I've never seen nor
> heard of it before, so I have no way of trying to
> look at whatever triggered it (probably me, but
> who knows?).  BTW: all looks normal in terms
> of who is on and where they are on (as well as what
> they are doing).

Ponder no more, you've been bitten by the fortune teller!  Kinda shocks
you at first, until you realize... _if_ you realize. :)

edge gsutter /usr/share/games/fortune $cat fortunes | grep "Security check"    
Security check: INTRUDER ALERT!
edge gsutter /usr/share/games/fortune $

Greg
-- 
Gregory S. Sutter                 Bureaucrats cut red tape -- lengthwise.
mailto:gsutter@pobox.com
http://www.pobox.com/~gsutter/
PGP DSS public key 0x40AE3052

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message