I keep a tail on my logs and pipe it through a perl script that plays a warning sound and takes immediate action. I guess I'm paranoid, but here is what just happened. Is there some sort of exploit for pppd? Feb 4 20:30:50 felix abacus_sentry[8882]: attackalert: UDP scan from host: pcf133.psy.utexas.edu/128.83.210.133 to UDP port: 161 Feb 4 20:30:50 felix abacus_sentry[8882]: attackalert: Host: pcf133.psy.utexas.edu/128.83.210.133 is already blocked Ignoring Feb 4 20:31:07 felix kernel: general protection: 0000 Feb 4 20:31:07 felix kernel: CPU: 0 Feb 4 20:31:07 felix kernel: EIP: 0010:[select_free_wait+40/68] Feb 4 20:31:07 felix kernel: EFLAGS: 00010086 Feb 4 20:31:07 felix kernel: eax: f000ef6f ebx: 02dae00c ecx: 02dae000 edx: f000ef6f Feb 4 20:31:07 felix kernel: esi: 00000207 edi: 03755e9c ebp: 00000000 esp: 03755e70 Feb 4 20:31:07 felix kernel: ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018 Feb 4 20:31:07 felix kernel: Process pppd (pid: 7604, process nr: 32, stackpage=03755000) Feb 4 20:31:07 felix kernel: Stack: 00000006 0112e660 00000000 0012e092 03755e9c 00000006 00000000 00000000 Feb 4 20:31:07 felix kernel: bffffb4c 00000000 02dae000 00000001 02dae000 0012e316 00000006 03755f78 Feb 4 20:31:07 felix kernel: 03755f38 03755ef8 03755f98 03755f58 03755f18 03755ed8 03804018 bffffb4c Feb 4 20:31:07 felix kernel: Call Trace: [do_select+526/632] [sys_select+394/604] [<0483cc4b>] [do_wp_page+0/600] [<0483c429>] [tty_read+155/188] [sys_read+190/228] Feb 4 20:31:07 felix kernel: [system_call+85/124] Feb 4 20:31:07 felix kernel: Code: 8b 42 04 39 d8 74 05 89 c2 eb f5 90 89 4a 04 56 9d 8b 0f 85 Feb 4 20:31:07 felix pppd[10126]: Terminating on signal 15. Feb 4 20:31:07 felix pppd[10126]: Connection terminated. Feb 4 20:31:08 felix pppd[10126]: Exit. --------------------------------------------------------------------------- Send administrative requests to [EMAIL PROTECTED]
