Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: login consol to foreign ip
Special Forums Cybersecurity login consol to foreign ip Post 302439315 by SimonSalman on Friday 23rd of July 2010 08:22:35 AM
Old 07-23-2010
login consol to foreign ip
every time, root (or any other user) logs into the system (Suse 9.3 Linux mail server) a connection to a foreign ip (96.124.236.183) shows up.
It shows up even when I plug out the network cable and then restart the system.

I don't know if this is a security hole and how to find out more about it.

Thanks,
Simon

Code:
last -i

root     pts/1        0.0.0.0          Thu Jul 22 13:35   still logged in   
root     pts/0        0.0.0.0          Thu Jul 22 13:34   still logged in   
root     :0           96.124.236.183   Thu Jul 22 13:34   still logged in   
root     :0           0.0.0.0          Thu Jul 22 13:34 - 13:34  (00:00)    
root     pts/2        0.0.0.0          Thu Jul 22 12:06 - 12:08  (00:01)    
root     pts/1        0.0.0.0          Thu Jul 22 12:06 - 12:08  (00:02)    
root     :0           96.124.236.183   Thu Jul 22 12:05 - 12:08  (00:02)    
root     :0           0.0.0.0          Thu Jul 22 12:05 - 12:05  (00:00)    
reboot   system boot  0.0.0.0          Thu Jul 22 14:04          (00:-24)   
root     pts/1        0.0.0.0          Thu Jul 22 11:59 - 12:01  (00:01)    
root     pts/1        0.0.0.0          Thu Jul 22 11:53 - 11:59  (00:06)    
root     pts/0        0.0.0.0          Thu Jul 22 11:53 - 12:03  (00:10)    
root     :0           96.124.236.183   Thu Jul 22 11:52 - 12:03  (00:10)    
root     :0           0.0.0.0          Thu Jul 22 11:52 - 11:52  (00:00)    
reboot   system boot  0.0.0.0          Thu Jul 22 13:51          (-1:-48)   

last -a

root     pts/1        Thu Jul 22 13:35   still logged in    
root     pts/0        Thu Jul 22 13:34   still logged in    
root     :0           Thu Jul 22 13:34   still logged in    console
root     :0           Thu Jul 22 13:34 - 13:34  (00:00)     
root     pts/2        Thu Jul 22 12:06 - 12:08  (00:01)



---------- Post updated 23-07-10 at 02:22 PM ---------- Previous update was 22-07-10 at 02:53 PM ----------

Do you need more information? Is my problem to trivial?


I really would like to understand why this ip address appears at each log in. And further how much of a security issue this might be.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Foreign characters in bash

Hello, I'm trying to type in foreign characters (á, é, í, ñ...) from the bash when doing a Telnet to my UNIX account. So far it only allows me to type in the standard character set (up to ASCII 128). I need this to feed parameters to certains scripts and programs. Thanks! Miguel (4 Replies)
Discussion started by: czerny
4 Replies

2. UNIX for Advanced & Expert Users

foreign characters

I have a flat file and have foreign characters in three fields. Can somebody tell me how to get rid of these special characters? It's very urgent because without this my process is failing. Thanks in advance. Angielina (1 Reply)
Discussion started by: angelina
1 Replies

3. Shell Programming and Scripting

foreign characters

I have a flat file and have foreign characters in three fields. Can somebody tell me how to get rid of these special characters? It's very urgent because without this my process is failing. Thanks in advance. Angielina (2 Replies)
Discussion started by: angelina
2 Replies

4. UNIX for Advanced & Expert Users

foreign characters in flat file

Hey, Is there anyway I anks, Pocha (12 Replies)
Discussion started by: pochaman
12 Replies

5. Shell Programming and Scripting

regular expression foreign language

Hello all, I read somewher that regular expressions work with ASCII table so when i type grep "*" file_name it uses values from ACII dec97(a) to dec122(z), right ? But if I have file containing diacritics, lets say (ordinary Slovak language characters): marek@cepi:~$ cat diakritika ... (9 Replies)
Discussion started by: wakatana
9 Replies

6. HP-UX

Connection closed by foreign host

I am trying to connect to my HP server from remote machine. It gets connected but once credential are provided the connection is closed. adroit:/home/seo/hitendra 32 ] telnet myserv1 Trying... Connected to myserv1. Escape character is '^]'. Local flow control on Telnet TERMINAL-SPEED... (4 Replies)
Discussion started by: hiten.r.chauhan
4 Replies

7. Shell Programming and Scripting

Day of the week or Month in a foreign language

Hey guys, i'm a very new shell script user. I've been looking everywhere for a proper script to display the day of the week or the month, accurately, in a foreign language of my choosing. Something where i can just type in the appropriate word in a foreign language in the script and get the... (2 Replies)
Discussion started by: ibizagreg
2 Replies

8. UNIX for Advanced & Expert Users

What is the foreign address?

hi i want to open port 9100 and the connect server could not to connect to my application this my results of netstat tulpn Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:9100 ... (3 Replies)
Discussion started by: mohammad alshar
3 Replies

9. IP Networking

netstat local and foreign address relationship.

Hi All, Can you please help me in understanding the relationship between local and foreign address in the output of netstat -an. Output 1 ---------- 162.103.162.37.50224 162.103.162.35.9511 49640 0 49640 0 ESTABLISHED 162.103.162.37.50263 162.103.162.35.9512 49640 0... (1 Reply)
Discussion started by: Girish19
1 Replies

10. UNIX for Advanced & Expert Users

Foreign Key in UNIX File System

Hi, Do we have Foreign Key concept in File system like UNIX, as we have in DBMS?? If yes, Can you please tell me how it is implemented in File System? Thanks & Regards, Archana (2 Replies)
Discussion started by: Archana Batta
2 Replies

LEARN ABOUT CENTOS

biff

BIFF(1)                                                     BSD General Commands Manual                                                    BIFF(1)

NAME

     biff -- be notified if mail arrives and who it is from

SYNOPSIS

     biff [ny]

DESCRIPTION

     Biff informs the system whether you want to be notified when mail arrives during the current terminal session.

     Options supported by biff:

     n     Disables notification.

     y     Enables notification.

     When mail notification is enabled, the header and first few lines of the message will be printed on your screen whenever mail arrives.  A
     ``biff y'' command is often included in the file .login or .profile to be executed at each login.

     Biff operates asynchronously via the comsat(8) service. If that service is not enabled, biff will not do anything. In that case, or for syn-
     chronous notification, use the MAIL variable of sh(1) or the mail variable of csh(1).

SEE ALSO

     csh(1), mail(1), sh(1), comsat(8)

HISTORY

     The biff command appeared in 4.0BSD.

BUGS

     su(1), and biff don't seem to get on too well. This is probably due to the tty still being owned by the person using su. This can result in
     ``Permission denied'' messages when attempting to change the biff status of your session.

     Please report bugs to netbug@ftp.uk.linux.org including diffs/patches, compiler error logs or as complete a bug report as is possible.

Linux NetKit (0.17-pre-20000412)                                   July 31, 1999                                  Linux NetKit (0.17-pre-20000412)
All times are GMT -4. The time now is 03:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy