Date: Wed, 20 Sep 2000 10:09:16 -0400 From: Brandon Fosdick <bfoz@glue.umd.edu> To: stable@freebsd.org Subject: Odd log entries...an attempted breakin? Message-ID: <39C8C50C.CA929D8C@glue.umd.edu>
next in thread | raw e-mail | index | archive | help
For the last week or so I've been seeing the following entries in /var/log/messages: Sep 10 23:07:41 nbf-27 ftpd[592]: ANONYMOUS FTP LOGIN REFUSED FROM p3EE06D80.dip.t-dialin.net Sep 11 05:12:00 nbf-27 ftpd[1141]: ANONYMOUS FTP LOGIN REFUSED FROM 128.249.222.208 Sep 13 12:21:29 nbf-27 ftpd[2051]: ANONYMOUS FTP LOGIN REFUSED FROM ip58.stamford22.ct.pub-ip.psi.net Sep 14 20:17:23 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 14 20:17:35 nbf-27 last message repeated 4 times Sep 15 10:51:48 nbf-27 rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137 Sep 15 14:50:14 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 15 14:50:48 nbf-27 last message repeated 8 times Sep 15 14:50:58 nbf-27 last message repeated 3 times Sep 15 19:04:43 nbf-27 ftpd[2384]: ANONYMOUS FTP LOGIN REFUSED FROM e16004.upc-e.chello.nl Sep 16 17:04:51 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 16 17:05:12 nbf-27 last message repeated 7 times Sep 16 17:06:04 nbf-27 last message repeated 7 times Sep 16 17:29:03 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 16 17:29:31 nbf-27 last message repeated 3 times Sep 17 01:17:11 nbf-27 rpc.statd: Invalid hostname to sm_mon: ^D÷ÿ¿^D÷ÿ¿^E÷ÿ¿^E÷ÿ¿^F÷ÿ¿^F÷ÿ¿^G÷ÿ¿^G÷ÿ¿%08x %08x %08x %08x %08x %08x %08x %08x Sep 17 16:46:26 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 17 16:46:47 nbf-27 last message repeated 9 times Sep 17 16:53:01 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 17 17:01:33 nbf-27 last message repeated 17 times Sep 17 17:07:11 nbf-27 last message repeated 19 times Sep 17 17:36:13 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 17 17:39:37 nbf-27 last message repeated 38 times Sep 17 19:12:58 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 17 19:13:03 nbf-27 last message repeated 3 times Sep 18 18:12:53 nbf-27 mountd[119]: umountall request from 128.8.38.27 from unprivileged port Sep 18 18:13:24 nbf-27 last message repeated 5 times Sep 18 18:13:28 nbf-27 last message repeated 2 times Sep 20 04:26:11 nbf-27 rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137 Sep 20 04:27:02 nbf-27 rpc.statd: invalid hostname to sm_stat: ^X÷ÿ¿^X÷ÿ¿^Y÷ÿ¿^Y÷ÿ¿^Z÷ÿ¿^Z÷ÿ¿^[÷ÿ¿^[÷ÿ¿%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137 128.8.38.27 is the address of my machine and I disabled ftpd on the 15th. So far I've just been watching to see what happens since this machine doesn't have anything important on it, but last night I started seeing the same kinds of entries on another machine here, both of which are 4.1-S. Are these normal log entries or is someone playing with my systems? What do I do about it? Thanks, Brandon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?39C8C50C.CA929D8C>