[99794] in RedHat Linux List

security advice requested

daemon@ATHENA.MIT.EDU (Fred W.Noltie Jr.)
Tue Nov 17 01:17:31 1998

From: "Fred W.Noltie Jr." <criterion-consulting@usinternet.com>
To: redhat-list@redhat.com
Date: Mon, 16 Nov 1998 19:47:17 -0600
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

Greetings,

I have a modified RH 5.0 machine (i.e., some non-rpm programs; all current
errata; bind, sendmail & apache from 5.2; etc) that I use for dial-up internet
access. I don't have a domain or static IP. I discovered in my logs yesterday
the following entries in /var/log/secure:

Nov 14 00:07:35 localhost in.telnetd[696]: refused connect from 209.148.141.70
Nov 14 00:10:31 localhost in.telnetd[698]: refused connect from 209.148.141.70
Nov 14 00:10:43 localhost in.telnetd[699]: refused connect from 209.148.141.70

[snip irrelevant]

Nov 15 19:57:19 localhost in.telnetd[6828]: refused connect from 209.148.140.208

Obviously someone wanted to visit me; fortunately, I had long ago blocked all
telnet access to my box (because it's just my home box, and nobody has any
business attempting to telnet here). As it turns out, both these IPs are from
the same ISP.

I have a couple questions. First, how concerned should I be? Given that I have
no domain nor static IP it seems pretty clear that someone was just fishing.
Doing an rpm -Va turned up nothing particularly sinister, so I don't think this
person (persons?) managed to get in. Any other tips? FWIW, between the first
and second incidents I had installed some ipfwadm rules denying incoming stuff
on most ports.

My second question: Should I contact the sysadmins at the ISP over this? It
seems clear to me that someone was up to no good, but I may be mistaken. If I
should contact them, to whom should I address my message? root, or someone else?

Thanks for the help,

Fred

--
"The road to tyranny, we must never forget,
is the destruction of the truth." -- Bill Clinton,
15 Oct 1995 speech at the University of Connecticut
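
Added example, not part of the message above and not code from any Red Hat tool: a small Python summarizer for tcp_wrappers "refused connect" entries like the ones quoted from /var/log/secure, grouping them by source network so repeated probes from one provider stand out. The function name, the /16 grouping prefix and the year 1998 (syslog lines carry no year) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# The four entries quoted in the post. Syslog omits the year, so 1998
# (the year of the post) is assumed when parsing timestamps.
SAMPLE = """\
Nov 14 00:07:35 localhost in.telnetd[696]: refused connect from 209.148.141.70
Nov 14 00:10:31 localhost in.telnetd[698]: refused connect from 209.148.141.70
Nov 14 00:10:43 localhost in.telnetd[699]: refused connect from 209.148.141.70
Nov 15 19:57:19 localhost in.telnetd[6828]: refused connect from 209.148.140.208
"""

REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<svc>[\w.\-]+)\[\d+\]: "
    r"refused connect from (?P<src>\S+)$"
)

def summarize(text, year=1998, prefix=16):
    """Group tcp_wrappers refusals by source network (assumed /16 by default)."""
    nets = defaultdict(lambda: {"count": 0, "sources": set(), "services": set(),
                                "first": None, "last": None})
    for line in text.splitlines():
        m = REFUSED.match(line.strip())
        if not m:
            continue  # not a refusal entry; skip it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        try:
            net = str(ip_network(f"{m['src']}/{prefix}", strict=False))
        except ValueError:
            net = m["src"]  # tcpd logged a hostname; keep it as its own group
        rec = nets[net]
        rec["count"] += 1
        rec["sources"].add(m["src"])
        rec["services"].add(m["svc"])
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(nets)

if __name__ == "__main__":
    for net, r in summarize(SAMPLE).items():
        print(f"{net}: {r['count']} refusals from {sorted(r['sources'])} "
              f"on {sorted(r['services'])}, {r['first']} to {r['last']}")
```

A per-network summary with first and last timestamps is also the material an ISP abuse contact needs in order to match the connections to a dial-up session.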


