[plug] Crackers!

Gavin Tweedie tweedie at nw.com.au
Sat Jul 11 17:46:37 WST 1998 

im no kernel hacker, but to me it looks like just an average kernel panic.
I also believe the gap of 20mins in time between the connection attempt
and the kernel panic would mean it wasnt related to the connections from
berkeley.edu

Gavin
Netway Technologies

On Sat, 11 Jul 1998, Terry Porter wrote:

> Hi all,
> Can anyone shed any light on this log? I disconnected from my isp shortly
> afterwards. Does it look like an exploit?
> 
> Jul  7 12:57:04 gronk tcplogd: port 13384 connection attempt from
> root at graft.XCF.Berkeley.EDU
> Jul  7 12:58:01 gronk tcplogd: port 13451 connection attempt from
> unknown at graft.XCF.Berkeley.EDU
> Jul  7 12:58:42 gronk tcplogd: port 13557 connection attempt from
> unknown at graft.XCF.Berkeley.EDU
> Jul  7 13:17:29 gronk kernel: general protection: 0000
> Jul  7 13:17:29 gronk kernel: CPU:    0
> Jul  7 13:17:29 gronk kernel: EIP:    0010:[free_wait+27/68]
> Jul  7 13:17:29 gronk kernel: EFLAGS: 00010246
> Jul  7 13:17:29 gronk kernel: eax: 00fef000   ebx: 00fef00c   ecx:
> 00000000   edx: 00000003
> Jul  7 13:17:29 gronk kernel: esi: 004c3d80   edi: 00941e9c   ebp:
> 00000000   esp: 00941e74
> Jul  7 13:17:29 gronk kernel: ds: 0018   es: 0018   fs: 002b   gs: 002b
> ss: 0018
> Jul  7 13:17:29 gronk kernel: Process worklog (pid: 8964, process nr: 50,
> stackpage=00941000)
> Jul  7 13:17:29 gronk kernel: Stack: 00000001 004c3d80 00000000 0012c28e
> 00941e9c 00000001 00000
> 000 bfffecb8 
> Jul  7 13:17:29 gronk kernel:        4003f6a8 00fef000 00000000 00fef000
> 0012c4e3 00000001 00941
> f54 00941f14 
> Jul  7 13:17:29 gronk kernel:        00941ed4 00941f74 00941f34 00941ef4
> 4003f6a8 00000001 bfffe
> c84 bfffecc0 
> Jul  7 13:17:29 gronk kernel: Call Trace: [do_select+414/484]
> [sys_select+383/588] [tty_default_
> put_char+30/40] [opost+440/456] [write_chan+247/400] [tty_write+220/304]
> [sys_write+313/372] 
> Jul  7 13:17:29 gronk kernel:        [old_select+63/80]
> [system_call+85/124] 
> Jul  7 13:17:29 gronk kernel: Code: 83 81 fc 88 00 fa 8b 4b 04 01 40 00 00
> 8b 42 04 39 18 00 81
> 
>      Thanks
>      terry
>

More information about the plug mailing list