[plug] Am I Being Hacked?
Earnshaw, Mike
earnshawm at wa.switch.aust.com
Tue May 9 10:39:15 WST 2000
List,
Noticed this in the log today ....
=====start=====
Security Violations
=-=-=-=-=-=-=-=-=-=
May 8 17:49:59 usswa login[14597]: FAILED LOGIN 1 FROM (null) FOR
z.a^Z?toE~o^Pm%?^A^Ga^GLC, User not known to the underlying authentication
module
May 8 17:50:03 usswa login[14597]: FAILED LOGIN 2 FROM (null) FOR
ÕSåtƳÿçþD4ôÿï~ÿ}#À!}!}%} }4}"}&} }*} } }%}&}
}!ï}9}'}"}(}"p¯~Tþ$âê%/-ïÉÁÂ^SG"h^B'<^_³^VÌÊ¿ó÷sÿõ^Oï;Óq-, User not known
to the underlying authentication module
May 8 17:50:11 usswa login[14597]: FAILED LOGIN 3 FROM (null) FOR
~ÿ}#À!}!}&} }4}"}&} }*} } }%}&}
}!ï}9}'}"}(}"º}2~Pü Ãô?¡ïO?-?>^W´8yY^A-YþÛÿ>Åï^RS$I'ÊùËo¥ÿÔÿ¤û(tm)Iþÿï~¢f·¨1
2CûþÎäI¼×GÝ^N|^PÜÿï~ÿ}#À!}!}'} }4}"}&} }*} } }%}&} }!ï}9}'}"}(}"ó~6Y, User
not known to the underlying authentication module
May 8 17:50:12 usswa login[14597]: FAILED LOGIN SESSION FROM (null) FOR
,4d8Ñó*...©úÞ\ÀÒ ç£^VÌä"þ^], User not known to the underlying authentication
module
=====end=====
bit concerned and I dont know what it means. I have also been getting alot
of attempts to establish connections on weird ports like 3 (Compression
Process??) and some higher undocumented ones.
Whilst our LRP seems to be stopping these I am a bit concerned. Should I
start looking for other things on my system that may indicate a successful
attack. I am really green in relation to security and I guess since I know
so little, I know there are lots of people who could easily fool me.
I would appreciate any comments please.
TIA
----------------------------------------------------------------------------
Mike Earnshaw | "It don't mean a thing if | e-mail in header
Computer Systems | you cain't get that Ping...." | Tel: +61 8 9256 1099
Support | Duke Ellington, 1932 | Fax: +61 8 9256 1199
----------------------------------------------------------------------------
Union Switch & Signal, 24 Bannick Court, Canning Vale, WA 6155, Australia
----------------------------------------------------------------------------
More information about the plug
mailing list