Am I Being Hacked?

[yellowdog-general@lists.terrasoftsolutions.com]

Well see that is the thing I have gone to great lengths to block everything
out with hosts.deny and .allow. My concern is that they will address spoof
the allowed IPs and get in. Is this possible or am i being paranoid?
----- Original Message ----- 
From: "nathan r. hruby" <nathan@drama.uga.edu>
To: <yellowdog-general@lists.terrasoftsolutions.com>
Sent: Friday, May 16, 2003 9:19 AM
Subject: Re: Am I Being Hacked?


> On Fri, 16 May 2003 gwmartin@ezomo.com wrote:
>
> > Saw these entries in my secure log file and am wondering if I am being
> > hacked or have already been hacked?
> >
> > May 12 23:48:49 fs xinetd[578]: START: ftp pid=1323 from=192.168.1.4
> > May 12 23:48:49 fs xinetd[1323]: FAIL: ftp libwrap from=192.168.1.4
> [snip]
>
> Nope, not yet at least.  Those log messages show that some people are
> attempting to connect to your FTP port, but xinetd (the thing that runs
> ftpd when people connect) is denying them access due to your rules in
> /etc/hosts.deny.  You should be safe, but take a look at your system jsut
> to be sure.
>
> The odd thing is the 192.168.1.4 addresses, which are private IP's, which
> means that someone else (I woudl assume) on your network is trying to FTp
> into your machine.  You may want to find the machine with 128.192.1.4 and
> look at it to see if it's comprimized.
>
> And, as a fellow user of the internet, thank you for taking the time to
> use /etc/hosts.{deny,allow} to help ensure they saftey of your machine and
> the internet as a whole.
>
> -n
> -- 
> ----------------------------------------
> nathan hruby <nathan@drama.uga.edu>
> computer services specialist
> uga drama & theatre
> reality is a moving target
> ----------------------------------------
>
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
>