Someone hacking via gnome?



This morning, I found gnome applications crashing.  Finally I
rebooted, and then noticed this in the messages file:

Aug 15 09:56:52 phiwumbda identd[28134]: Connection from 206.79.84.73
Aug 15 09:56:53 phiwumbda in.telnetd[28129]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda wu.ftpd[28128]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda identd[28134]: from: 206.79.84.73 (206.79.84.73) EMPTY REQUEST
Aug 15 09:56:53 phiwumbda in.fingerd[28131]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda sendmail[28130]: NOQUEUE: Null connection from [206.79.84.73]
Aug 15 09:56:53 phiwumbda in.pop3d[28132]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda imapd[28135]: connect from 206.79.84.73
Aug 15 09:56:58 phiwumbda telnetd[28129]: ttloop: peer died: EOF 
Aug 15 09:56:58 phiwumbda imapd[28135]: Command stream end of file, while reading line user=??? host=[206.79.84.73]
Aug 15 09:57:05 phiwumbda ftpd[28128]: FTP session closed
Aug 15 09:57:34 phiwumbda in.telnetd[28136]: connect from 206.79.84.73
Aug 15 09:58:34 phiwumbda wu.ftpd[28138]: connect from 206.79.84.73
Aug 15 09:58:49 phiwumbda ftpd[28138]: ANONYMOUS FTP LOGIN FROM 206.79.84.73 [206.79.84.73], ddfsasdf@hi.com
Aug 15 10:00:00 phiwumbda ftpd[28138]: FTP session closed
Aug 15 10:00:09 phiwumbda wu.ftpd[28148]: connect from 206.79.84.73
Aug 15 10:00:09 phiwumbda in.telnetd[28149]: connect from 206.79.84.73
Aug 15 10:00:09 phiwumbda identd[28154]: Connection from 206.79.84.73
Aug 15 10:00:10 phiwumbda sendmail[28150]: NOQUEUE: Null connection from [206.79.84.73]
Aug 15 10:00:10 phiwumbda in.fingerd[28151]: connect from 206.79.84.73
Aug 15 10:00:10 phiwumbda identd[28154]: from: 206.79.84.73 (206.79.84.73) EMPTY REQUEST
Aug 15 10:00:10 phiwumbda in.pop3d[28152]: connect from 206.79.84.73
Aug 15 10:00:11 phiwumbda imapd[28155]: connect from 206.79.84.73
Aug 15 10:00:11 phiwumbda telnetd[28149]: ttloop: peer died: EOF 
Aug 15 10:00:12 phiwumbda imapd[28155]: Command stream end of file, while reading line user=??? host=[206.79.84.73]
Aug 15 10:00:15 phiwumbda in.rlogind[28156]: connect from 206.79.84.73
Aug 15 10:00:15 phiwumbda in.rshd[28157]: connect from 206.79.84.73
Aug 15 10:00:15 phiwumbda rshd[28157]: Connection from 206.79.84.73 on illegal port
Aug 15 10:00:16 phiwumbda rlogind[28156]: Connection from 206.79.84.73 on illegal port
Aug 15 10:00:16 phiwumbda ftpd[28148]: FTP session closed
Aug 15 10:00:21 phiwumbda gmc: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda multiload_applet: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda mixer_applet: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda gnomexmms: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda another_clock_applet: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda cdplayer_applet: [orbit] connect from 206.79.84.73
Aug 15 10:01:39 phiwumbda gnome-name-server[28112]: input condition is: 0x10, exiting
Aug 15 10:02:46 phiwumbda gnome-name-server[28224]: starting
Aug 15 10:02:46 phiwumbda gnome-name-server[28224]: name server starting
Aug 15 10:05:55 phiwumbda gnome-name-server[28224]: input condition is: 0x10, exiting

Since I use a dynamic IP, the attacks stopped after rebooting.  The
little shit lost me.

The child seems incapable of being more than a nuisance to me, but
what is he connecting to via gnome?  Is there anything serious he can
do?  How can I keep him out?

Thanks.
-- 
Jesse Hughes
"She testified they had sex near the Oval Office, not in the famous
room itself, because that `wouldn't be appropriate, you know.'"
                                         -AP article
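
Added example (not part of the original post): one way to summarise a messages file like the one quoted above is to flag any source address that reaches many distinct logging programs within a short window. The function names, the thresholds and the 192.0.2.10 line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Lines copied from the post; the last one (192.0.2.10) is constructed for contrast.
SAMPLE = """\
Aug 15 09:58:34 phiwumbda wu.ftpd[28138]: connect from 206.79.84.73
Aug 15 10:00:09 phiwumbda in.telnetd[28149]: connect from 206.79.84.73
Aug 15 10:00:10 phiwumbda sendmail[28150]: NOQUEUE: Null connection from [206.79.84.73]
Aug 15 10:00:10 phiwumbda in.pop3d[28152]: connect from 206.79.84.73
Aug 15 10:00:11 phiwumbda imapd[28155]: connect from 206.79.84.73
Aug 15 10:00:15 phiwumbda in.rshd[28157]: connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda gmc: [orbit] connect from 206.79.84.73
Aug 15 10:03:00 phiwumbda in.telnetd[28200]: connect from 192.0.2.10
"""

def service(prog):
    # in.telnetd/telnetd and wu.ftpd/ftpd are the same daemon under two log names.
    return re.sub(r"^(in|wu)\.", "", prog)

def parse(text):
    """Yield (time, program, source_ip) for each line that names an IPv4 address."""
    for line in text.splitlines():
        m = LINE.match(line)
        ip = IPV4.search(m.group(4)) if m else None
        if ip:
            # Syslog omits the year; 2000 is an arbitrary placeholder (assumption).
            when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield when, service(m.group(3)), ip.group()

def sweeps(text, min_programs=5, window=timedelta(seconds=30)):
    """Return {source_ip: programs} for sources reaching many programs in one window."""
    by_src = defaultdict(list)
    for when, prog, ip in parse(text):
        by_src[ip].append((when, prog))
    found = {}
    for ip, events in by_src.items():
        for start, _ in events:
            hit = {p for t, p in events if start <= t <= start + window}
            if len(hit) >= min_programs and len(hit) > len(found.get(ip, ())):
                found[ip] = sorted(hit)
    return found

if __name__ == "__main__":
    for ip, programs in sweeps(SAMPLE).items():
        print(ip, len(programs), ", ".join(programs))
```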




