Re: [cobalt-users] Messages entry
- Subject: Re: [cobalt-users] Messages entry
- From: "William J.A. Brillinger" <billy@xxxxxxxxxx>
- Date: Tue Dec 3 17:16:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
At 07:03 PM 03/12/02 -0600, you wrote:
> Can someone help me out with these entries? I have several of these in my
> log files lately
>
> Dec 3 15:30:35 www named[17672]: Response from unexpected source
> ([152.163.159.230].51) for query "DNS-07.NS.aol.com IN AAAA"
> Dec 3 15:30:35 www named[17672]: Response from unexpected source
> ([205.188.157.227].53) for query "DNS-02.NS.aol.com IN AAAA"
> Dec 3 15:31:13 www named[17672]: Response from unexpected source
> ([152.163.159.225].50) for query "DNS-06.NS.aol.com IN A6"
> Dec 3 15:31:20 www named[17672]: Response from unexpected source
> ([149.174.211.14].53) for query "DNS-01.NS.aol.com IN A6"
> Dec 3 15:31:58 www named[17672]: Response from unexpected source
> ([149.174.211.13].53) for query "DNS-02.NS.aol.com IN A6"
>
>
> I also noticed this. Have I been hacked?
>
> Dec 3 18:50:19 www sshd[1054]: Accepted password for root from
> 216.40.193.233 port 1042
> Dec 3 18:50:19 www PAM_pwdb[1054]: (sshd) session opened for user root by
> (uid=0)
> Dec 3 18:50:23 www PAM_pwdb[1054]: (sshd) session closed for user root

If you don't dial in or connect via "Everyones Internet Inc." then I
venture to guess you've been hacked.
Network IP address lookup:
whois whois.arin.net 216.40.193.233:
Everyones Internet, Inc. EVRY-BLK-6 (NET-216-40-192-0-1)
216.40.192.0 - 216.40.255.255
Dierker EVRY-69 (NET-216-40-193-232-1)
216.40.193.232 - 216.40.193.239
Very useful: http://www.network-tools.com/
- Bill B.
---------------------------------
William J.A. Brillinger
Precision Design Co.
E-Mail: mailto:billy@xxxxxxxxxx
Web site: http://www.pdcweb.net
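
A log check along the lines of the reply above, as an added example that is not part of the original message: it rejoins wrapped syslog entries and reports accepted SSH logins for root from addresses outside the networks you normally connect from. `TRUSTED_NETS` and the first sample line are constructed assumptions; the remaining log lines are the ones quoted in the message.

```python
import ipaddress
import re

# Networks the admin actually logs in from. Constructed placeholder
# (RFC 5737 documentation range); replace with your own.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# First line is constructed (trusted source); the rest are quoted in the message.
SAMPLE_LOG = """\
Dec 3 09:12:01 www sshd[877]: Accepted password for root from 192.0.2.10 port 3021
Dec 3 18:50:19 www sshd[1054]: Accepted password for root from
216.40.193.233 port 1042
Dec 3 18:50:19 www PAM_pwdb[1054]: (sshd) session opened for user root by
(uid=0)
Dec 3 18:50:23 www PAM_pwdb[1054]: (sshd) session closed for user root
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
ACCEPT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

def unwrap(text):
    """Rejoin entries that mail or terminal wrapping split across lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def unexpected_root_logins(text, trusted=TRUSTED_NETS):
    """Return accepted root logins whose source is outside every trusted network."""
    hits = []
    for entry in unwrap(text):
        m = ACCEPT.match(entry)
        if not m or m["user"] != "root":
            continue
        src = ipaddress.ip_address(m["ip"])
        if not any(src in net for net in trusted):
            hits.append((m["ts"], m["ip"], m["method"], int(m["pid"])))
    return hits

if __name__ == "__main__":
    for ts, ip, method, pid in unexpected_root_logins(SAMPLE_LOG):
        print(f"{ts}: root login via {method} from {ip} (sshd pid {pid})")
```

The PID in each hit matches the `PAM_pwdb[...]` session lines, so the same number can be used to pull the session open and close entries for that login.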