Re: [Someone hacking via gnome?]

From: Anthony Richardella <zorc3 netscape net>
To: jesse andrew cmu edu (Jesse F. Hughes),Gnome mailing list <gnome-list gnome org>
Subject: Re: [Someone hacking via gnome?]
Date: 15 Aug 00 18:06:35 PDT
You might want to turn anonymous FTP off. There's the possiblity that who ever
it was could have grabbed your /etc/passwd file. 

jesse@andrew.cmu.edu (Jesse F. Hughes) wrote:
This morning, I found gnome applications crashing.  Finally I
rebooted, and then noticed this in the messages file:

Aug 15 09:56:52 phiwumbda identd[28134]: Connection from 206.79.84.73
Aug 15 09:56:53 phiwumbda in.telnetd[28129]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda wu.ftpd[28128]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda identd[28134]: from: 206.79.84.73 (206.79.84.73)
EMPTY REQUEST
Aug 15 09:56:53 phiwumbda in.fingerd[28131]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda sendmail[28130]: NOQUEUE: Null connection from
[206.79.84.73]
Aug 15 09:56:53 phiwumbda in.pop3d[28132]: connect from 206.79.84.73
Aug 15 09:56:53 phiwumbda imapd[28135]: connect from 206.79.84.73
Aug 15 09:56:58 phiwumbda telnetd[28129]: ttloop: peer died: EOF 
Aug 15 09:56:58 phiwumbda imapd[28135]: Command stream end of file, while
reading line user=??? host=[206.79.84.73]
Aug 15 09:57:05 phiwumbda ftpd[28128]: FTP session closed
Aug 15 09:57:34 phiwumbda in.telnetd[28136]: connect from 206.79.84.73
Aug 15 09:58:34 phiwumbda wu.ftpd[28138]: connect from 206.79.84.73
Aug 15 09:58:49 phiwumbda ftpd[28138]: ANONYMOUS FTP LOGIN FROM 206.79.84.73
[206.79.84.73], ddfsasdf@hi.com
Aug 15 10:00:00 phiwumbda ftpd[28138]: FTP session closed
Aug 15 10:00:09 phiwumbda wu.ftpd[28148]: connect from 206.79.84.73
Aug 15 10:00:09 phiwumbda in.telnetd[28149]: connect from 206.79.84.73
Aug 15 10:00:09 phiwumbda identd[28154]: Connection from 206.79.84.73
Aug 15 10:00:10 phiwumbda sendmail[28150]: NOQUEUE: Null connection from
[206.79.84.73]
Aug 15 10:00:10 phiwumbda in.fingerd[28151]: connect from 206.79.84.73
Aug 15 10:00:10 phiwumbda identd[28154]: from: 206.79.84.73 (206.79.84.73)
EMPTY REQUEST
Aug 15 10:00:10 phiwumbda in.pop3d[28152]: connect from 206.79.84.73
Aug 15 10:00:11 phiwumbda imapd[28155]: connect from 206.79.84.73
Aug 15 10:00:11 phiwumbda telnetd[28149]: ttloop: peer died: EOF 
Aug 15 10:00:12 phiwumbda imapd[28155]: Command stream end of file, while
reading line user=??? host=[206.79.84.73]
Aug 15 10:00:15 phiwumbda in.rlogind[28156]: connect from 206.79.84.73
Aug 15 10:00:15 phiwumbda in.rshd[28157]: connect from 206.79.84.73
Aug 15 10:00:15 phiwumbda rshd[28157]: Connection from 206.79.84.73 on illegal
port
Aug 15 10:00:16 phiwumbda rlogind[28156]: Connection from 206.79.84.73 on
illegal port
Aug 15 10:00:16 phiwumbda ftpd[28148]: FTP session closed
Aug 15 10:00:21 phiwumbda gmc: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda multiload_applet: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda mixer_applet: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda gnomexmms: [orbit] connect from 206.79.84.73
Aug 15 10:00:21 phiwumbda another_clock_applet: [orbit] connect from
206.79.84.73
Aug 15 10:00:21 phiwumbda cdplayer_applet: [orbit] connect from 206.79.84.73
Aug 15 10:01:39 phiwumbda gnome-name-server[28112]: input condition is: 0x10,
exiting
Aug 15 10:02:46 phiwumbda gnome-name-server[28224]: starting
Aug 15 10:02:46 phiwumbda gnome-name-server[28224]: name server starting
Aug 15 10:05:55 phiwumbda gnome-name-server[28224]: input condition is: 0x10,
exiting

Since I use a dynamic IP, the attacks stopped after rebooting.  The
little shit lost me.

The child seems incapable of being more than a nuisance to me, but
what is he connecting to via gnome?  Is there anything serious he can
do?  How can I keep him out?

Thanks.
-- 
Jesse Hughes
"She testified they had sex near the Oval Office, not in the famous
room itself, because that `wouldn't be appropriate, you know.'"
                                         -AP article

_______________________________________________
gnome-list mailing list
gnome-list@gnome.org
http://mail.gnome.org/mailman/listinfo/gnome-list


____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
Follow-Ups:
- Re: [Someone hacking via gnome?]
  - From: Jesse F. Hughes
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]