Am I Being Hacked?

Fri May 16 10:19:01 2003

On Fri, 16 May 2003 gwmartin@ezomo.com wrote:

> Saw these entries in my secure log file and am wondering if I am being
> hacked or have already been hacked?
> 
> May 12 23:48:49 fs xinetd[578]: START: ftp pid=1323 from=192.168.1.4
> May 12 23:48:49 fs xinetd[1323]: FAIL: ftp libwrap from=192.168.1.4
[snip]

Nope, not yet at least.  Those log messages show that some people are 
attempting to connect to your FTP port, but xinetd (the thing that runs 
ftpd when people connect) is denying them access due to your rules in 
/etc/hosts.deny.  You should be safe, but take a look at your system jsut 
to be sure.  

The odd thing is the 192.168.1.4 addresses, which are private IP's, which
means that someone else (I woudl assume) on your network is trying to FTp 
into your machine.  You may want to find the machine with 128.192.1.4 and 
look at it to see if it's comprimized.

And, as a fellow user of the internet, thank you for taking the time to 
use /etc/hosts.{deny,allow} to help ensure they saftey of your machine and 
the internet as a whole.

-n
-- 
----------------------------------------
nathan hruby <nathan@drama.uga.edu>
computer services specialist  
uga drama & theatre                        
reality is a moving target
----------------------------------------