in.telnetd[5115] -- compromised?
/* Linux Slackware */
Looking in my logs I see tons of entries similar to below. Does anyone know what these mean, and should I be concerned? I looked up a few of the IPs at Arin.net and saw that many of them belong to ISPs (not good). Any information is helpful.

Body of Messages log
----------------------------
Jun 29 09:06:30 gateway profgpd[5155]:connect from 212.120.97.36
Jun 29 06:11:37 gateway in.telnetd[5102]: connect from root@66.115.18.3
Jul 1 03:07:58 gateway proftpd[5477]: connect from 209.87.230.226
---------------------------

Gut feeling is that I have been compromised... am I right??

e0-
It is very possible that you have been compromised. First, shut off telnet and ftp!!! Next, check out: http://www.cert.org/tech_tips/root_compromise.html ...and following these procedures, you should be able to determine the level of compromise (if any).

A word of advice... never, never, never leave telnet or ftp (among other things) open on a system that is connected to the internet.
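
Added example, not written by either poster: a Python parser for the `connect from` lines quoted in the question, counting connections per service and source and listing the ones that carry a remote-supplied username. It assumes the TCP Wrappers-style format shown in the post, where the name before `@` is what the client's ident lookup returned; such a line records an inbound connection, not a login.

```python
import re
from collections import Counter

# Log lines copied from the question above (service-name spelling as posted).
SAMPLE = """\
Jun 29 09:06:30 gateway profgpd[5155]:connect from 212.120.97.36
Jun 29 06:11:37 gateway in.telnetd[5102]: connect from root@66.115.18.3
Jul 1 03:07:58 gateway proftpd[5477]: connect from 209.87.230.226
"""

# Assumed format: "<Mon> <day> <hh:mm:ss> <host> <service>[<pid>]: connect from [user@]<source>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+"
    r"(?P<svc>[\w.\-]+)\[(?P<pid>\d+)\]:\s*connect from\s+"
    r"(?:(?P<user>[^@\s]+)@)?(?P<src>\S+)\s*$"
)

def parse(text):
    """Return one dict per 'connect from' line; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def summarize(events):
    """Count connections per (service, source); collect events with a username."""
    per_source = Counter((e["svc"], e["src"]) for e in events)
    with_user = [e for e in events if e["user"]]
    return per_source, with_user

if __name__ == "__main__":
    per_source, with_user = summarize(parse(SAMPLE))
    for (svc, src), n in per_source.most_common():
        print(f"{n:4d}  {svc:12s} {src}")
    for e in with_user:
        # The username is whatever the remote side reported about itself;
        # it does not show that anyone logged in as that user here.
        print(f"remote-supplied username {e['user']!r} from {e['src']} -> {e['svc']}")
```

Run over the full messages file, the per-source counts show whether the "tons of entries" come from a handful of addresses or from many.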