Snort mailing list archives

need help


From: "Eduard Meiler" <edik () meiler org>
Date: Tue, 7 Aug 2001 02:07:39 +0200

Hello,

I have a problem with a log. Can somebody tell me what happened with my system
at Aug 6 13.48.00 and 14.17.00, when somebody tried to log in via ftp? Did
this person install something on my system?
How can I see why my system made a reboot at 13.17?

waiting for help

regards
eduard

Aug  6 08:47:12 wall pppd[23359]: Local IP address changed to 217.5.91.5
Aug  6 08:47:13 wall pppoe[27033]: Bad TCP checksum 1
Aug  6 09:00:00 wall kernel: Sorry: masquerading timeouts set 5DAYS/2MINS/60SECS
Aug  6 09:00:00 wall pppd[27104]: not replacing default route to ppp0 [193.158.131.29]
Aug  6 09:10:05 wall sendmail[27130]: gethostbyaddr(10.64.64.65) failed: 1
Aug  6 13:17:13 wall kernel: ip_conntrack (1023 buckets, 8184 max)
Aug  6 13:17:24 wall squid[733]: Starting Squid Cache version 2.3.STABLE4-hno.CVS for i686-pc-linux-gnu...


Aug  6 13:17:13 wall kernel:   product code 4347 rev 00.12 date 01-29-00
Aug  6 13:17:13 wall kernel:   8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
Aug  6 13:17:13 wall kernel:   MII transceiver found at address 24, status 786d.
Aug  6 13:17:13 wall kernel:   Enabling bus-master transmits and whole-frame receives.
Aug  6 13:17:13 wall kernel: eth1: scatter/gather disabled. h/w checksums enabled
Aug  6 13:17:13 wall kernel: eth0: using NWAY device table, not 8
Aug  6 13:17:13 wall kernel: IPv6 v0.8 for NET4.0
Aug  6 13:17:13 wall kernel: IPv6 over IPv4 tunneling driver
Aug  6 13:17:15 wall kernel: Installing knfsd (copyright (C) 1996 okir () monad swb de).
Aug  6 13:17:24 wall kernel: eth1: using NWAY device table, not 8

Aug  6 13:48:00 wall proftpd[898]: connect from 217.5.68.153 (217.5.68.153)
Aug  6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug  6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug  6 13:48:01 wall last message repeated 4 times
Aug  6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pD9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug  6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.

Aug  6 14:17:27 wall proftpd[1006]: connect from 217.5.68.153 (217.5.68.153)
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug  6 14:17:27 wall last message repeated 4 times
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pd9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.
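
Added example, not part of the original post: one way to triage the two proftpd sessions in the log above is to group the syslog lines by PID, expand syslogd's "last message repeated" compression, and list any message that is not a recognised failure. The function name, field names and the attribution of a repeat line to the line just before it are assumptions of this sketch; the sample input is copied from the post.

```python
import re

# Constructed input: the two proftpd sessions from the post, mail-wrapped lines rejoined.
SAMPLE = """\
Aug  6 13:48:00 wall proftpd[898]: connect from 217.5.68.153 (217.5.68.153)
Aug  6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug  6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug  6 13:48:01 wall last message repeated 4 times
Aug  6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pD9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug  6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.
Aug  6 14:17:27 wall proftpd[1006]: connect from 217.5.68.153 (217.5.68.153)
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug  6 14:17:27 wall last message repeated 4 times
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pd9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug  6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (?:proftpd\[(\d+)\]: )?(.*)$")
CONNECT = re.compile(r"connect from (\S+)")
NO_USER = re.compile(r"- no such user '([^']*)'")
REJECTED = re.compile(r"- USER \S+: no such user found")

def summarize(text):
    """Group proftpd lines by PID and return {pid: session summary}."""
    sessions, prev = {}, None  # prev = (pid, user) when the previous line was a counted failure
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, pid, msg = m.groups()
        rep = re.fullmatch(r"last message repeated (\d+) times", msg)
        if rep:  # syslogd compression: the count applies to the line before it
            if prev:
                sessions[prev[0]]["failed"][prev[1]] += int(rep.group(1))
            continue
        prev = None
        if pid is None:
            continue  # not a proftpd line
        s = sessions.setdefault(pid, {"peer": None, "opened": None, "closed": None, "failed": {}, "other": []})
        if c := CONNECT.match(msg):
            s["peer"] = c.group(1)
        elif msg.endswith("FTP session opened."):
            s["opened"] = ts
        elif msg.endswith("FTP session closed."):
            s["closed"] = ts
        elif u := NO_USER.search(msg):
            s["failed"][u.group(1)] = s["failed"].get(u.group(1), 0) + 1
            prev = (pid, u.group(1))
        elif not REJECTED.search(msg):
            s["other"].append(msg)  # unrecognised message: read it by hand
    return sessions
```

An empty `other` list means every line between session open and close was one of the failure messages this script recognises; anything that lands there is what to read first.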


