Hi, I had just disconnected from a dial-up session with my ISP, and decided to check my /var/log entries before sutting down the machine. I found this in /var/log/messages:
Apr 7 17:26:10 linuxbox kernel: registered device ppp0 Apr 7 17:26:10 linuxbox pppd[873]: pppd 2.3.11 started by root, uid 0 Apr 7 17:26:10 linuxbox pppd[873]: Using interface ppp0 Apr 7 17:26:10 linuxbox pppd[873]: Connect: ppp0 <--> /dev/ttyS3 Apr 7 17:26:11 linuxbox kernel: PPP BSD Compression module registered Apr 7 17:26:11 linuxbox kernel: PPP Deflate Compression module registered Apr 7 17:26:12 linuxbox pppd[873]: local IP address 65.42.4.74 Apr 7 17:26:12 linuxbox pppd[873]: remote IP address 65.42.4.2 Apr 7 17:30:00 linuxbox CROND[954]: (root) CMD ( /sbin/rmmod -as) Apr 7 17:40:00 linuxbox CROND[975]: (root) CMD ( /sbin/rmmod -as) Apr 7 17:43:25 linuxbox pppd[873]: Terminating on signal 15. Apr 7 17:43:25 linuxbox pppd[873]: Connection terminated. Apr 7 17:43:25 linuxbox pppd[873]: Connect time 17.3 minutes. Apr 7 17:43:25 linuxbox pppd[873]: Sent 59516 bytes, received 456293 bytes. Apr 7 17:43:27 linuxbox pppd[873]: Exit. Apr 7 17:50:00 linuxbox CROND[996]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:00:00 linuxbox CROND[1039]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:00:00 linuxbox kernel: PPP: ppp line discipline successfully unregistered Apr 7 18:01:01 linuxbox CROND[1044]: (root) CMD (run-parts /etc/cron.hourly) Apr 7 18:01:47 linuxbox xinetd[1046]: libwrap refused connection to telnet from 127.0.0.1 Apr 7 18:10:00 linuxbox CROND[1076]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:20:00 linuxbox CROND[4563]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:30:00 linuxbox CROND[16712]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:40:00 linuxbox CROND[29458]: (root) CMD ( /sbin/rmmod -as) Apr 7 18:50:00 linuxbox CROND[9315]: (root) CMD ( /sbin/rmmod -as) Apr 7 19:00:00 linuxbox CROND[11820]: (root) CMD ( /sbin/rmmod -as) Apr 7 19:01:00 linuxbox CROND[11822]: (root) CMD (run-parts /etc/cron.hourly) Apr 7 19:10:00 linuxbox CROND[11843]: (root) CMD ( /sbin/rmmod -as) Apr 7 19:12:21 linuxbox kernel: hdd: ATAPI 40X CD-ROM drive, 128kB Cache Apr 7 19:12:21 linuxbox kernel: Uniform CD-ROM driver Revision: 3.10 Apr 7 19:18:13 linuxbox kernel: CSLIP: code copyright 1989 Regents of the University of California Apr 7 19:18:14 linuxbox kernel: PPP: version 2.3.7 (demand dialling) Apr 7 19:18:14 linuxbox kernel: PPP line discipline registered. What does the 18:01:47 entry mean? I did Not initiate the telnet. This machine is one of three on a private LAN, with IP addresses in the 192.168.x.x range. At the time, the network was off-line (hub powered off.) I have no entry for 127.0.0.1 in /etc/hosts.allow. Should I have? Does xinetd, or some other process need to be able to telnet to the loopback? Could something in CRON have initiated a request to tcp/23 that was interpreted as a telnet request? Insights would be helpful...............thanks, Tom _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list