|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: sequences in the auth.log
From: Devon H. O'Dell (dodell
sitetronics.com)
Date: Wed Aug 18 2004 - 04:56:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nikolay Pavlov <quetzalroks.biz> scribbled:
> Hi, Justin
>
> On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote:
> > I'm seeing the same thing in my log. It makes me think it is a virus because
> > test, guest, and admin are not normal unix users.
>
> And I'm too. But I think that this is a some kind of Linux worm.
> The first record in my auth.log dated on Jul 23 01:48:30
> Nmap identificates all hosts (already more than ten) in my auth.log as
> "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch"
>
> Best regards,
> Nikolay Pavlov.
> _______________________________________________
> freebsd-securityfreebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
>
This has recently and fully been discussed on the full-disclosure
mailing list.
--
Kind regards,
Devon H. O'Dell | dodellsitetronics.com
Key: 4D3D8CA7 | IRC: bofhWhatNET thebofhefnet
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFBIyfh9y+/hU09jKcRAtn7AJ4trXkGagbp47uf7uJaKNFTx8gUEQCgj+wZ
BkC9cGHVTPkoxGOb3kUwSgk=
=yuNy
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]