[123033] in North American Network Operators' Group


Re: Future timestamps in /var/log/secure

daemon@ATHENA.MIT.EDU (gordon b slater)
Fri Feb 26 14:29:07 2010

X-IP-MAIL-FROM: gordslater@ieee.org
From: gordon b slater <gordslater@ieee.org>
To: wade.peacock@sunwave.net
In-Reply-To: <4B88191F.4050000@sunwave.net>
Date: Fri, 26 Feb 2010 19:28:32 +0000
Cc: nanog@nanog.org
Reply-To: gordslater@ieee.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote:
> the proftpd line happened to be the next line in the log.  the
> next similar ssh lines look like (duplicate removed)
> 
> Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN
> Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2

Is it possible that a local user changed the time (maybe with a GUI app)
around the time of these attempts?

(failed attempts like this are normal for a machine hooked to the
internet without ACLs BTW, the problem is the strange timestamp <<for
the benefit of casual onlookers in the thread)

Gord

-- 
latest ITU-T declaration: all syslogs must show timestamps in Geneva
time


