[plug] Crackers!
Terry Porter
tp at gronk.apana.org.au
Sat Jul 11 17:04:32 WST 1998
Hi all,
Can anyone shed any light on this log? I disconnected from my isp shortly
afterwards. Does it look like an exploit?
Jul 7 12:57:04 gronk tcplogd: port 13384 connection attempt from
root at graft.XCF.Berkeley.EDU
Jul 7 12:58:01 gronk tcplogd: port 13451 connection attempt from
unknown at graft.XCF.Berkeley.EDU
Jul 7 12:58:42 gronk tcplogd: port 13557 connection attempt from
unknown at graft.XCF.Berkeley.EDU
Jul 7 13:17:29 gronk kernel: general protection: 0000
Jul 7 13:17:29 gronk kernel: CPU: 0
Jul 7 13:17:29 gronk kernel: EIP: 0010:[free_wait+27/68]
Jul 7 13:17:29 gronk kernel: EFLAGS: 00010246
Jul 7 13:17:29 gronk kernel: eax: 00fef000 ebx: 00fef00c ecx:
00000000 edx: 00000003
Jul 7 13:17:29 gronk kernel: esi: 004c3d80 edi: 00941e9c ebp:
00000000 esp: 00941e74
Jul 7 13:17:29 gronk kernel: ds: 0018 es: 0018 fs: 002b gs: 002b
ss: 0018
Jul 7 13:17:29 gronk kernel: Process worklog (pid: 8964, process nr: 50,
stackpage=00941000)
Jul 7 13:17:29 gronk kernel: Stack: 00000001 004c3d80 00000000 0012c28e
00941e9c 00000001 00000
000 bfffecb8
Jul 7 13:17:29 gronk kernel: 4003f6a8 00fef000 00000000 00fef000
0012c4e3 00000001 00941
f54 00941f14
Jul 7 13:17:29 gronk kernel: 00941ed4 00941f74 00941f34 00941ef4
4003f6a8 00000001 bfffe
c84 bfffecc0
Jul 7 13:17:29 gronk kernel: Call Trace: [do_select+414/484]
[sys_select+383/588] [tty_default_
put_char+30/40] [opost+440/456] [write_chan+247/400] [tty_write+220/304]
[sys_write+313/372]
Jul 7 13:17:29 gronk kernel: [old_select+63/80]
[system_call+85/124]
Jul 7 13:17:29 gronk kernel: Code: 83 81 fc 88 00 fa 8b 4b 04 01 40 00 00
8b 42 04 39 18 00 81
Thanks
terry
More information about the plug
mailing list