Snort mailing list archives
need help
From: "Eduard Meiler" <edik () meiler org>
Date: Tue, 7 Aug 2001 02:07:39 +0200
Hello,

I have a problem with a log. Can somebody tell what happened with my system at Aug 6 13.48.00 and 14.17.00, when somebody tried to log in via ftp. Did this person install something on my system? How can I see why my system made a reboot at 13.17.?

waiting for help
regards
eduard

Aug 6 08:47:12 wall pppd[23359]: Local IP address changed to 217.5.91.5
Aug 6 08:47:13 wall pppoe[27033]: Bad TCP checksum 1
Aug 6 09:00:00 wall kernel: Sorry: masquerading timeouts set 5DAYS/2MINS/60SECS
Aug 6 09:00:00 wall pppd[27104]: not replacing default route to ppp0 [193.158.131.29]
Aug 6 09:10:05 wall sendmail[27130]: gethostbyaddr(10.64.64.65) failed: 1
Aug 6 08:47:12 wall pppd[23359]: Local IP address changed to 217.5.91.5
Aug 6 08:47:13 wall pppoe[27033]: Bad TCP checksum 1
Aug 6 09:00:00 wall kernel: Sorry: masquerading timeouts set 5DAYS/2MINS/60SECS
Aug 6 09:00:00 wall pppd[27104]: not replacing default route to ppp0 [193.158.131.29]
Aug 6 09:10:05 wall sendmail[27130]: gethostbyaddr(10.64.64.65) failed: 1
Aug 6 13:17:13 wall kernel: ip_conntrack (1023 buckets, 8184 max)
Aug 6 13:17:24 wall squid[733]: Starting Squid Cache version 2.3.STABLE4-hno.CVS for i686-pc-linux-gnu...
Aug 6 13:17:13 wall kernel: product code 4347 rev 00.12 date 01-29-00
Aug 6 13:17:13 wall kernel: 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
Aug 6 13:17:13 wall kernel: MII transceiver found at address 24, status 786d.
Aug 6 13:17:13 wall kernel: Enabling bus-master transmits and whole-frame receives.
Aug 6 13:17:13 wall kernel: eth1: scatter/gather disabled. h/w checksums enabled
Aug 6 13:17:13 wall kernel: eth0: using NWAY device table, not 8
Aug 6 13:17:13 wall kernel: IPv6 v0.8 for NET4.0
Aug 6 13:17:13 wall kernel: IPv6 over IPv4 tunneling driver
Aug 6 13:17:15 wall kernel: Installing knfsd (copyright (C) 1996 okir () monad swb de).
Aug 6 13:17:24 wall kernel: eth1: using NWAY device table, not 8
Aug 6 13:17:13 wall kernel: product code 4347 rev 00.12 date 01-29-00
Aug 6 13:17:13 wall kernel: 8K byte-wide RAM 5:3 Rx:Tx split, autoselect/Autonegotiate interface.
Aug 6 13:17:13 wall kernel: MII transceiver found at address 24, status 786d.
Aug 6 13:17:13 wall kernel: Enabling bus-master transmits and whole-frame receives.
Aug 6 13:17:13 wall kernel: eth1: scatter/gather disabled. h/w checksums enabled
Aug 6 13:17:13 wall kernel: eth0: using NWAY device table, not 8
Aug 6 13:17:13 wall kernel: IPv6 v0.8 for NET4.0
Aug 6 13:17:13 wall kernel: IPv6 over IPv4 tunneling driver
Aug 6 13:17:15 wall kernel: Installing knfsd (copyright (C) 1996 okir () monad swb de).
Aug 6 13:17:24 wall kernel: eth1: using NWAY device table, not 8
Aug 6 13:48:00 wall proftpd[898]: connect from 217.5.68.153 (217.5.68.153)
Aug 6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug 6 13:48:00 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug 6 13:48:01 wall last message repeated 4 times
Aug 6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pD9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug 6 13:48:01 wall proftpd[898]: wall.gelbart.de (pD9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.
Aug 6 14:17:27 wall proftpd[1006]: connect from 217.5.68.153 (217.5.68.153)
Aug 6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session opened.
Aug 6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - no such user 'anonymous'
Aug 6 14:17:27 wall last message repeated 4 times
Aug 6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - USER anonymous: no such user found from pd9054499.dip.t-dialin.net [217.5.68.153] to 217.5.91.17:21
Aug 6 14:17:27 wall proftpd[1006]: wall.gelbart.de (pd9054499.dip.t-dialin.net[217.5.68.153]) - FTP session closed.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users