Date: Sat, 13 Jun 1998 08:56:21 PDT
From: "Min Huang" <huang_min@hotmail.com>
To: robert@chalmers.com.au
Cc: questions@FreeBSD.ORG
Subject: Re: How to kick this user out? continue
Message-ID: <19980613155623.12701.qmail@hotmail.com>

Hi, sir,

Actually, I have not found the process the user runs, and the user is
idle; there's no package transferred between the user's original IP and
my machine. Strange! Any suggestions?

Huang Min

>From robert@chalmers.com.au Thu Jun 11 00:15:13 1998
>Received: from chalmers.com.au (carbon.chalmers.com.au [203.1.96.26])
>        by nanguo.chalmers.com.au (8.8.8/8.8.8) with ESMTP id RAA09824
>        for <huang_min@hotmail.com>; Thu, 11 Jun 1998 17:14:28 +1000
>Hi,
>do you have a program called 'tcpdump' on your system? If you enable this, you
>can then watch this port and see exactly what that user is doing. tcpdump
>watches all traffic through a site, or down to even one port. It is very
>useful for tracking strange users.
>
>Is 172.24.13.80 one of your numbers? Or is it a number from outside?
>
>Have you tried typing
>    'ps -ax | more'
>
>Or better yet, 'ps -t S4'
>This will show you exactly what processes that user is running.
>
>cheers
>Robert
>
>
>Min Huang wrote:
>>
>> Hello, sir,
>>
>> Thanks for replying to my last mail so quickly. I think I've not accounted
>> my situation clearly. Here is the result.
>> #who
>> bbs ttyqe Jun 11 14:10 (10.150.15.10)
>> bbs ttyqq Jun 11 13:46 (10.150.15.102)
>> bbs ttyrp Jun 11 14:25 (172.18.32.20)
>> bbs ttyQo Jun 11 14:03 (10.150.15.58)
>> bbs ttyS4 Jun 10 18:57 (172.24.13.80)
>> #w
>> bbs qe 10.150.15.10 2:10PM 29 bbs h 10.150.15.10
>> /dev/ttyqe
>> bbs qq 10.150.15.102 1:46PM 50 bbs h 10.150.15.102
>> /dev/ttyqq
>> bbs rp 172.18.32.20 2:25PM 15 bbs h 172.18.32.20
>> /dev/ttyrp
>> bbs Qo 10.150.15.58 2:03PM - bbs h 10.150.15.58
>> /dev/ttyQo
>> bbs S4 172.24.13.80 Wed06PM 19:44 -
>> #ps -U bbs
>> 697 pj- I 0:03.16 bin/chatd 3
>> 26389 qe Is+ 0:00.14 bbs h 10.150.15.10 /dev/ttyqe
>> 26288 qq Is+ 0:00.13 bbs h 10.150.15.102 /dev/ttyqq
>> 26447 rp Ss+ 0:00.29 bbs h 172.18.32.20 /dev/ttyrp
>> 694 Qh- S 0:09.93 bin/chatd 2
>> 26352 Qo Ss+ 0:00.32 bbs h 10.150.15.58 /dev/ttyQo
>>
>> Note the user at ttyS4: I don't know what he's doing or how
>> this situation happened.
>> Thank you for replying to huang_min@hotmail.com; I'm not
>> on this list.
>>
>> Huang Min
>>
>> ______________________________________________________
>> Get Your Private, Free Email at http://www.hotmail.com
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
>
>--
> Support Whirled Peas. Business in China? China House
> robert@chalmers.com.au ph:61 7 49440357 fx:61 7 49578425
> China House Uses Webposition to ensure Top Spot in Searches
> http://www.chalmers.com.au/ChinaHouse/Business/webposition
>
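The `who` and `ps -U bbs` listings quoted in the message can be cross-checked mechanically. The script below is an added example, not part of the original thread: it lists login records whose terminal has no process attached, which is the condition reported for ttyS4. The helper name `orphan_sessions` is hypothetical, and the script assumes the BSD `who`/`ps` column layout shown in the message.

```shell
#!/bin/sh
# Added example (not from the thread): report login records that have no
# process on their terminal. Assumes the BSD `who` / `ps` column layout
# shown in the quoted message.

# Constructed sample input, copied from the `who` and `ps -U bbs` output above.
WHO_SAMPLE='bbs ttyqe Jun 11 14:10 (10.150.15.10)
bbs ttyqq Jun 11 13:46 (10.150.15.102)
bbs ttyrp Jun 11 14:25 (172.18.32.20)
bbs ttyQo Jun 11 14:03 (10.150.15.58)
bbs ttyS4 Jun 10 18:57 (172.24.13.80)'

PS_SAMPLE='697 pj- I 0:03.16 bin/chatd 3
26389 qe Is+ 0:00.14 bbs h 10.150.15.10 /dev/ttyqe
26288 qq Is+ 0:00.13 bbs h 10.150.15.102 /dev/ttyqq
26447 rp Ss+ 0:00.29 bbs h 172.18.32.20 /dev/ttyrp
694 Qh- S 0:09.93 bin/chatd 2
26352 Qo Ss+ 0:00.32 bbs h 10.150.15.58 /dev/ttyQo'

# orphan_sessions WHO_TEXT PS_TEXT  (hypothetical helper name)
# Prints "user tty host" for each `who` entry whose tty has no process in PS_TEXT.
orphan_sessions() {
    { printf '%s\n' "$2"; printf '%s\n' '--'; printf '%s\n' "$1"; } | awk '
        $0 == "--"  { in_who = 1; next }   # separator: who records follow
        NF < 2      { next }               # skip blank lines
        !in_who {
            # ps TT column; a trailing "-" marks a terminal the process
            # can no longer reach, so it does not count as attached.
            if ($2 !~ /-$/) attached[$2] = 1
            next
        }
        {
            tty = $2; sub(/^tty/, "", tty)      # who: ttyS4 -> ps: S4
            host = $NF; gsub(/[()]/, "", host)  # strip parentheses
            if (!(tty in attached)) print $1, $2, host
        }'
}

# Live use on the affected host would be: orphan_sessions "$(who)" "$(ps -ax)"
orphan_sessions "$WHO_SAMPLE" "$PS_SAMPLE"
```

On the sample data the only record reported is the ttyS4 login from 172.24.13.80; the other four sessions each have a `bbs` process on their terminal.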