Am I Being Hacked?
nathan r. hruby
yellowdog-general@lists.terrasoftsolutions.com
Fri May 16 10:19:01 2003
On Fri, 16 May 2003 gwmartin@ezomo.com wrote:
> Saw these entries in my secure log file and am wondering if I am being
> hacked or have already been hacked?
>
> May 12 23:48:49 fs xinetd[578]: START: ftp pid=1323 from=192.168.1.4
> May 12 23:48:49 fs xinetd[1323]: FAIL: ftp libwrap from=192.168.1.4
[snip]
Nope, not yet at least. Those log messages show that some people are
attempting to connect to your FTP port, but xinetd (the thing that runs
ftpd when people connect) is denying them access due to your rules in
/etc/hosts.deny. You should be safe, but take a look at your system jsut
to be sure.
The odd thing is the 192.168.1.4 addresses, which are private IP's, which
means that someone else (I woudl assume) on your network is trying to FTp
into your machine. You may want to find the machine with 128.192.1.4 and
look at it to see if it's comprimized.
And, as a fellow user of the internet, thank you for taking the time to
use /etc/hosts.{deny,allow} to help ensure they saftey of your machine and
the internet as a whole.
-n
--
----------------------------------------
nathan hruby <nathan@drama.uga.edu>
computer services specialist
uga drama & theatre
reality is a moving target
----------------------------------------