Hi folks,
can someone tell me whether the syslog excerpt below was a break-in attempt?
What am I setting up firewall rules for anyway?
So that someone can bypass everything with "popper"?
If I see this correctly, the attacker, whose IP was surely spoofed, SUCCESSFULLY started /usr/sbin/popper (unfortunately popper is not installed, and so popper did not start either ....)
Second question: if it was a break-in attempt, what damage did he do?!?!?!?
Did he get in at all?
It would be nice if someone could break down the log for me ...
;-)
<---------- snip ----------->
Feb 19 15:37:36 router ipppd[77]: Local number: yyyyyy, Remote number: xxxxxxxxx, Type: outgoing
Feb 19 15:37:36 router ipppd[77]: PHASE_WAIT -> PHASE_ESTABLISHED, ifunit: 0, linkunit: 0, fd: 6
Feb 19 15:37:37 router ipppd[77]: Remote message:
Feb 19 15:37:37 router ipppd[77]: bundle, he: 0 we: 0
Feb 19 15:37:37 router ipppd[77]: local IP address 129.70.39.9
Feb 19 15:37:37 router ipppd[77]: remote IP address 129.70.4.136
Feb 19 15:40:52 router popper[4140]: connect from [EMAIL PROTECTED]
Feb 19 15:40:52 router syslog: error: cannot execute /usr/sbin/popper: No such file or directory
Feb 19 15:40:52 router in.fingerd[4141]: connect from [EMAIL PROTECTED]
Feb 19 15:40:53 router in.ftpd[4142]: connect from [EMAIL PROTECTED]
Feb 19 15:40:54 router HylaFAX[4143]: Protocol botch, unexpected EOF.
Feb 19 15:41:02 router in.rlogind[4147]: connect from [EMAIL PROTECTED]
Feb 19 15:41:02 router rlogind[4147]: Connection from 129.70.39.75 on illegal port
Feb 19 15:41:10 router in.telnetd[4152]: connect from [EMAIL PROTECTED]
Feb 19 15:41:11 router in.rshd[4155]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:11 router in.rshd[4155]: connect from unknown
Feb 19 15:41:11 router rshd[4155]: getpeername: Transport endpoint is not connected
Feb 19 15:41:11 router telnetd[4152]: ttloop: peer died: Success
Feb 19 15:41:12 router in.rshd[4154]: connect from [EMAIL PROTECTED]
Feb 19 15:41:12 router rshd[4154]: Connection from 129.70.39.75 on illegal port
Feb 19 15:41:13 router in.ftpd[4156]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:13 router in.ftpd[4156]: connect from unknown
Feb 19 15:41:13 router in.ftpd[4157]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:13 router in.ftpd[4157]: connect from unknown
Feb 19 15:41:13 router ftpd[4156]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:13 router ftpd[4157]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:14 router in.ftpd[4158]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:14 router in.ftpd[4158]: connect from unknown
Feb 19 15:41:14 router ftpd[4158]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:15 router in.ftpd[4159]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:15 router in.ftpd[4159]: connect from unknown
Feb 19 15:41:15 router ftpd[4159]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:16 router in.ftpd[4160]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:16 router in.ftpd[4160]: connect from unknown
Feb 19 15:41:16 router ftpd[4160]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:17 router in.ftpd[4161]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:17 router in.ftpd[4161]: connect from unknown
Feb 19 15:41:18 router ftpd[4161]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:19 router in.ftpd[4162]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:19 router in.ftpd[4162]: connect from unknown
Feb 19 15:41:19 router ftpd[4162]: getpeername (in.ftpd): Transport endpoint is not connected
Feb 19 15:41:20 router in.ftpd[4163]: warning: can't get client address: Connection reset by peer
Feb 19 15:41:20 router in.ftpd[4163]: connect from unknown
Feb 19 15:41:20 router ftpd[4163]: getpeername (in.ftpd): Transport endpoint is not connected
<---------- snip ----------->
eagerly awaiting a reply,
Ruediger
--
To be removed from the list, send a mail to [EMAIL PROTECTED] with the text: unsubscribe suse-linux
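As an added example (not part of Ruediger's post or of any SuSE tooling), a small Python script that reads tcp_wrappers/inetd "connect from" lines like the ones above and flags a client that touches several services within a short window, which is what a service sweep looks like in this kind of log; it also lists the daemons inetd tried to exec but could not find, such as /usr/sbin/popper. The sample lines are constructed; the archive hid the client names, so the address the rlogind/rshd lines name, 129.70.39.75, stands in as the client, and 10.0.0.5 is an invented unrelated host.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the tcp_wrappers "connect from" lines in the post; the
# archive hid the client names, so the address the rlogind/rshd lines name stands in here.
SAMPLE_LOG = """\
Feb 19 15:40:52 router popper[4140]: connect from 129.70.39.75
Feb 19 15:40:52 router syslog: error: cannot execute /usr/sbin/popper: No such file or directory
Feb 19 15:40:52 router in.fingerd[4141]: connect from 129.70.39.75
Feb 19 15:40:53 router in.ftpd[4142]: connect from 129.70.39.75
Feb 19 15:41:02 router in.rlogind[4147]: connect from 129.70.39.75
Feb 19 15:41:10 router in.telnetd[4152]: connect from 129.70.39.75
Feb 19 15:41:11 router in.rshd[4155]: connect from unknown
Feb 19 15:41:13 router in.ftpd[4156]: connect from unknown
Feb 19 16:30:00 router in.ftpd[4200]: connect from 10.0.0.5
"""
CONNECT_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (\S+)\[\d+\]: connect from (\S+)$")
NOEXEC_RE = re.compile(r"cannot execute (\S+): No such file or directory")


def parse_connects(log_text):
    """Yield (timestamp, service, client) for each tcp_wrappers 'connect from' line."""
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:  # syslog timestamps carry no year; only time differences are used below
            yield datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S"), m.group(2), m.group(3)


def find_scanners(log_text, window_s=60, min_services=3):
    """{client: sorted services} for clients that hit >= min_services distinct inetd services
    within window_s seconds; 'unknown' (peer reset before the address could be read) is one key."""
    by_client = defaultdict(list)
    for ts, service, client in parse_connects(log_text):
        by_client[client].append((ts, service))
    hits = {}
    for client, events in by_client.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            seen = {s for t, s in events[i:] if (t - t0).total_seconds() <= window_s}
            if len(seen) >= min_services:
                hits[client] = sorted(seen)
                break
    return hits


def missing_daemons(log_text):
    """Paths inetd tried to exec but could not find: a listening port with no server behind it."""
    return [m.group(1) for m in NOEXEC_RE.finditer(log_text)]


if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG), missing_daemons(SAMPLE_LOG))
```

On the sample, only 129.70.39.75 is reported (five services within 60 seconds), while the "unknown" client stays below the threshold unless it is lowered to 2.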