On Tue, 30 Nov 1999, Geoff Croxson wrote:
> At 09:56 29/11/99 EST5EDT, you wrote:
> >I keep seeing these in my messages log, and can't pinpoint what is
> >causing it:
> >
> >
> >=== Cut ===
> >Nov 29 21:40:01 k4 identd[1876]: Returned: 4599 , 21 : NO-USER
> >Nov 29 21:40:01 k4 identd[1877]: Returned: 4599 , 21 : NO-USER
> >Nov 29 21:40:03 k4 identd[1878]: Returned: 4600 , 13014 : NO-USER
> >Nov 29 21:40:06 k4 identd[1879]: Returned: 4601 , 13016 : NO-USER
> >=== Cut ===
> Either....eggdrop, iroffer, IRCII or BitchX. The IRC servers are querying
> the clients for ident, and it seems either your ident is not
> installed/running. If you installed it, then try a kill -HUP inetd to kick
> start it,
His identd is functioning just fine thus the "identd[pid#]", someone
connected from port "4599" to an ftp(the 21) somewhere on the inet, the
ftp servers tcp_wrappers then queryed the box (k4) as to who had opened
port "4599" your system told it "NO-USER" meaning k4 is a masq firewall,
or the process that opened the connection exited before identd could
answer. Now judgeing from the time span between the enterys i'd say you
were likely scanned or something (or you click way faster than i do)
> Also.. to the person who saw the "-- MARK --" in their logs, I noticed this
> too when a user started running iroffer on my host. iroffer is like an xdcc
> bot, pretty harmless, and not a security risk AFIAK,
Anything a user installs on your system is a security risk.. (and the "--
MARK --" you refer is more likely the function of syslog)
> Regards
>
> Geoff Croxson
> -----------------------------------------------------------------------
> Page me http://wwp.mirabilis.com/1120068
> Senior Micro-Computing Support Officer Ph: 9514 1218
> Humanities and Social Sciences Fax:9514 1041
> University of Technology, Sydney [EMAIL PROTECTED]
>
--
MandrakeSoft http://www.mandrakesoft.com/
--Axalon
