List:       suse-linux
Subject:    Intrusion?
From:       Dieter Franzke <dililikima () gmx ! net>
Date:       2001-11-23 5:53:46

Hi,

While looking through my log files I discovered the following, which made me extremely suspicious:

Nov 20 03:00:01 server named[707]: starting (/etc/named.conf).  named 8.2.4-REL Thu Sep 20 04:20:40 GMT 2001 root@knox:/usr/src/packages/BUILD/bind8-8.2.4/bin/named
Nov 20 03:00:02 server named[707]: master zone "localhost" (IN) loaded (serial 42)
Nov 20 03:00:02 server named[707]: master zone "0.0.127.in-addr.arpa" (IN) loaded (serial 42)
Nov 20 03:00:02 server named[707]: master zone "franzke-online" (IN) loaded (serial 2001090700)
Nov 20 03:00:02 server named[707]: master zone "0.168.192.in-addr.arpa" (IN) loaded (serial 2001090700)
Nov 20 03:00:02 server named[707]: hint zone "" (IN) loaded (serial 0)
Nov 20 03:00:02 server named[707]: listening on [127.0.0.1].53 (lo)
Nov 20 03:00:02 server named[707]: listening on [192.168.0.100].53 (eth0)
Nov 20 03:00:02 server named[707]: Forwarding source address is [0.0.0.0].32768
Nov 20 03:00:02 server named[712]: group = named
Nov 20 03:00:02 server named[712]: user = named
Nov 20 03:00:02 server named[712]: Ready to answer queries.
Nov 20 03:00:04 server su: (to postgres) root on /dev/console
Nov 20 03:00:04 server PAM-unix2[802]: session started for user postgres, service su

Nov 20 03:07:37 server syslogd 1.4.1: restart.

That doesn't look good.
Who can help me figure this out?

ciao

dieter
