The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Special Forums > IP Networking
in.telnetd[5115] -- compromised? in.telnetd[5115] -- compromised?
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


IP Networking Learn TCP/IP, Internet Protocol, Routing, Routers, Network protocols in this UNIX and Linux forum.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Can't start telnetd ONEX SUN Solaris 4 02-15-2007 10:33 AM
telnetd bug! pressy SUN Solaris 3 02-15-2007 03:09 AM
telnetd vs telnetd -a davidl9999 Security 0 07-21-2006 02:50 PM
Linux and in.telnetd problems sam_pointer UNIX for Dummies Questions & Answers 3 08-31-2001 08:27 AM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 09-19-2001
LowOrderBit LowOrderBit is offline
Registered User
  
 

Join Date: Aug 2001
Location: CA
Posts: 23
in.telnetd[5115] -- compromised?
/* Linux Slackware */

looking in my logs I see tons of entries similar to below. Does anyone know what these mean, and should I be concerned. I looked up a few of the IP's at Arin.net and saw that many of them belong to isp's (not good).. Any information is helpful..

Body of Messages log
----------------------------

Jun 29 09:06:30 gateway profgpd[5155]:connect from 212.120.97.36

Jun 29 06:11:37 gateway in.telnetd[5102]: connect from root@66.115.18.3

Jul 1 03:07:58 gateway proftpd[5477]: connect from 209.87.230.226

---------------------------

gut feeling is that I have been compromised... am I right??

e0-
  #2 (permalink)  
Old 09-19-2001
rwb1959's Avatar
rwb1959 rwb1959 is offline
Registered User
  
 

Join Date: Aug 2001
Location: Virginia, USA
Posts: 438
It is very possible that you have been
compromised. First, shut off telnet and ftp!!!
Next, check out:
http://www.cert.org/tech_tips/root_compromise.html
...and following these procedures, you should
be able to determine the level of compromise
(if any). A word of advise... never, never,
never leave telnet or ftp (among other things)
open on a system that is connected to the
internet.
Closed Thread

Bookmarks

« UNIX Routers/VPN | what is the httpd.pid file usualy used for?? »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 07:22 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0