
Re: [cobalt-users] Messages entry




> At 07:03 PM 03/12/02 -0600, you wrote:
> > > Can someone help me out with these entries?  I have several of these
> > > in my log files lately.
> > >
> > > Dec  3 15:30:35 www named[17672]: Response from unexpected source
> > > ([152.163.159.230].51) for query "DNS-07.NS.aol.com IN AAAA"
> > > Dec  3 15:30:35 www named[17672]: Response from unexpected source
> > > ([205.188.157.227].53) for query "DNS-02.NS.aol.com IN AAAA"
> > > Dec  3 15:31:13 www named[17672]: Response from unexpected source
> > > ([152.163.159.225].50) for query "DNS-06.NS.aol.com IN A6"
> > > Dec  3 15:31:20 www named[17672]: Response from unexpected source
> > > ([149.174.211.14].53) for query "DNS-01.NS.aol.com IN A6"
> > > Dec  3 15:31:58 www named[17672]: Response from unexpected source
> > > ([149.174.211.13].53) for query "DNS-02.NS.aol.com IN A6"
> > >
> > >
> >I also noticed this. Have I been hacked?
> >
> >
> >Dec  3 18:50:19 www sshd[1054]: Accepted password for root from
> >216.40.193.233 port 1042
> >Dec  3 18:50:19 www PAM_pwdb[1054]: (sshd) session opened for user root by (uid=0)
> >Dec  3 18:50:23 www PAM_pwdb[1054]: (sshd) session closed for user root
>
>
> If you don't dial in or connect via "Everyones Internet Inc." then I
> venture to guess you've been hacked.
>
> Network IP address lookup:
> whois whois.arin.net 216.40.193.233:
>
> Everyones Internet, Inc. EVRY-BLK-6 (NET-216-40-192-0-1)
> 216.40.192.0 - 216.40.255.255
> Dierker EVRY-69 (NET-216-40-193-232-1)
> 216.40.193.232 - 216.40.193.239
>
> Very useful: http://www.network-tools.com/
>
Yeah, I figured out the last entry, as it was my provider logging in when I
had them reboot my server, so I wasn't hacked, but does anyone know what the
first stuff is?

--Todd
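
The check made by hand in this thread (is the source address of a root SSH login inside a network you expect?) can be run over the whole log. This is an added example, not part of the original messages; the allowlist is an assumption built from the /29 in the whois output above, and the sample log includes constructed lines using the documentation address 203.0.113.7.

```python
import ipaddress
import re

# Assumption: root logins are only expected from the provider block shown in
# the whois output (216.40.193.232 - 216.40.193.239, i.e. a /29).
EXPECTED_NETS = [ipaddress.ip_network("216.40.193.232/29")]

# Matches sshd "Accepted <method> for <user> from <ip> port <n>" lines.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# First two lines are from the thread; the last two are constructed.
SAMPLE_LOG = """\
Dec  3 18:50:19 www sshd[1054]: Accepted password for root from 216.40.193.233 port 1042
Dec  3 18:50:19 www PAM_pwdb[1054]: (sshd) session opened for user root by (uid=0)
Dec  3 19:02:44 www sshd[1101]: Accepted password for root from 203.0.113.7 port 4021
Dec  3 19:05:10 www sshd[1130]: Accepted password for admin from 203.0.113.7 port 4400
"""


def triage_root_logins(log_text, expected_nets=EXPECTED_NETS):
    """Split accepted root logins into (expected, unexpected) lists.

    Each entry is a (syslog_timestamp, source_ip) tuple.
    """
    expected, unexpected = [], []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m or m.group("user") != "root":
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a valid IPv4 address, e.g. an octet above 255
        stamp = line[:15]  # classic syslog timestamp, "Dec  3 18:50:19"
        known = any(ip in net for net in expected_nets)
        (expected if known else unexpected).append((stamp, str(ip)))
    return expected, unexpected


if __name__ == "__main__":
    ok, suspect = triage_root_logins(SAMPLE_LOG)
    for stamp, ip in ok:
        print(f"expected   {stamp}  root from {ip}")
    for stamp, ip in suspect:
        print(f"UNEXPECTED {stamp}  root from {ip}  (run whois, review session)")
```
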