[CLUE-Tech] Cracked! Maillog entries that tipped me off FYI

Cyberclops Cyberclops at hawaii.rr.com
Sat Mar 24 12:09:44 MST 2001


I'm sorry if I seem so ignorant, but what is the actual tip-off?  If I
saw that, it would mean nothing to me.

Jim Intriglia wrote:
> 
> Greetings,
> 
> For those of you that might be interested in logfile info that showed my PC
> was compromised, the maillog file follows. Nothing showed up in messages
> BTW...
> 
> -Jim
> 
> Mar 19 12:05:08 localhost sendmail[505]: alias database /etc/aliases rebuilt
> by root
> Mar 19 12:05:08 localhost sendmail[505]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 19 12:05:09 localhost sendmail[519]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> Mar 20 05:08:26 localhost sendmail[2716]: FAA02716: from=root, size=284,
> class=0, pri=30284, nrcpts=1,
> msgid=<200103201308.FAA02716 at localhost.localdomain>, relay=root at localhost
> Mar 20 05:08:27 localhost sendmail[2720]: FAA02716: to=becys at becys.org,
> ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=esmtp,
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is
> unreachable
> Mar 20 06:05:10 localhost sendmail[3000]: FAA02716: to=becys at becys.org,
> ctladdr=root (0/0), delay=00:56:46, xdelay=00:00:00, mailer=esmtp,
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is
> unreachable
> Mar 20 07:05:11 localhost sendmail[3107]: FAA02716: to=becys at becys.org,
> ctladdr=root (0/0), delay=01:56:47, xdelay=00:00:01, mailer=esmtp,
> relay=mail.becys.org. [64.176.171.107], stat=Deferred: Network is
> unreachable
> Mar 20 09:33:59 localhost sendmail[532]: alias database /etc/aliases rebuilt
> by root
> Mar 20 09:33:59 localhost sendmail[532]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 20 09:34:00 localhost sendmail[546]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> Mar 20 09:34:00 localhost sendmail[549]: FAA02716: JAA00549: return to
> sender: Warning: could not send message for past 4 hours
> Mar 20 09:34:00 localhost sendmail[549]: JAA00549: to=root, delay=00:00:00,
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: to=becys at becys.org,
> ctladdr=root (0/0), delay=05:26:01, xdelay=00:00:24, mailer=esmtp,
> relay=mail.becys.org. [64.176.171.107], stat=Data format error
> Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: KAA01134: return to
> sender: Data format error
> Mar 20 10:34:25 localhost sendmail[1134]: KAA01134: to=root, delay=00:00:00,
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 20 13:21:48 localhost sendmail[511]: alias database /etc/aliases rebuilt
> by root
> Mar 20 13:21:48 localhost sendmail[511]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 20 13:21:48 localhost sendmail[525]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> Mar 22 09:47:17 localhost sendmail[5344]: JAA05344: from=root, size=286,
> class=0, pri=30286, nrcpts=1,
> msgid=<200103221747.JAA05344 at localhost.localdomain>, relay=root at localhost
> Mar 22 09:47:18 localhost sendmail[5348]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 10:21:53 localhost sendmail[5405]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=00:34:36, xdelay=00:00:01, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 11:21:53 localhost sendmail[5495]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=01:34:36, xdelay=00:00:02, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 12:21:52 localhost sendmail[5521]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=02:34:35, xdelay=00:00:01, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 13:21:52 localhost sendmail[5574]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=03:34:35, xdelay=00:00:01, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=04:34:37, xdelay=00:00:02, mailer=esmtp,
> relay=mail.rdslink.ro. [193.231.236.20], stat=Deferred: Network is
> unreachable
> Mar 22 14:21:54 localhost sendmail[5721]: JAA05344: OAA05721: return to
> sender: Warning: could not send message for past 4 hours
> Mar 22 14:21:54 localhost sendmail[5721]: OAA05721: to=root, delay=00:00:00,
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 22 14:38:42 localhost sendmail[518]: alias database /etc/aliases rebuilt
> by root
> Mar 22 14:38:43 localhost sendmail[518]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 22 14:38:43 localhost sendmail[532]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> Mar 22 15:38:49 localhost sendmail[1292]: JAA05344: to=granstone at go.ro,
> ctladdr=root (0/0), delay=05:51:32, xdelay=00:00:04, mailer=esmtp,
> relay=relay1.go.ro. [193.231.236.42], stat=Data format error
> Mar 22 15:38:50 localhost sendmail[1292]: JAA05344: PAA01292: return to
> sender: Data format error
> Mar 22 15:38:50 localhost sendmail[1292]: PAA01292: to=root, delay=00:00:00,
> xdelay=00:00:00, mailer=local, stat=Sent
> Mar 23 05:23:31 localhost sendmail[517]: alias database /etc/aliases rebuilt
> by root
> Mar 23 05:23:31 localhost sendmail[517]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 23 05:23:32 localhost sendmail[531]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> Mar 23 07:27:32 localhost sendmail[516]: alias database /etc/aliases rebuilt
> by root
> Mar 23 07:27:32 localhost sendmail[516]: /etc/aliases: 14 aliases, longest
> 10 bytes, 152 bytes total
> Mar 23 07:27:32 localhost sendmail[530]: starting daemon (8.9.3):
> SMTP+queueing at 01:00:00
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
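
Added example, not part of either post: a Python sketch that joins sendmail's from= and to= entries by queue ID and lists mail submitted locally by root and handed to a non-local mailer, the pattern that recurs in the quoted log. Treating that pattern as worth review is an assumption of this example, not something stated in the thread. The sample lines are constructed (example.org, 192.0.2.10), and the parser expects a real maillog with one entry per line and literal "@", not the wrapped, " at "-rewritten archive text.

```python
import re

# Constructed sample in sendmail 8.9 maillog format (not taken from the post).
SAMPLE = """\
Mar 20 05:08:26 localhost sendmail[2716]: FAA02716: from=root, size=284, class=0, pri=30284, nrcpts=1, msgid=<x@localhost.localdomain>, relay=root@localhost
Mar 20 05:08:27 localhost sendmail[2720]: FAA02716: to=someone@example.org, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:00, mailer=esmtp, relay=mail.example.org. [192.0.2.10], stat=Deferred: Network is unreachable
Mar 20 09:34:00 localhost sendmail[549]: JAA00549: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
Mar 20 09:40:00 localhost sendmail[600]: JAA00600: from=<alice@example.net>, size=900, class=0, pri=30900, nrcpts=1, msgid=<y@example.net>, relay=mx.example.net [198.51.100.7]
Mar 20 09:40:01 localhost sendmail[601]: JAA00600: to=jim, delay=00:00:01, xdelay=00:00:00, mailer=local, stat=Sent
Mar 20 10:34:25 localhost sendmail[1134]: FAA02716: to=someone@example.org, ctladdr=root (0/0), delay=05:26:01, xdelay=00:00:24, mailer=esmtp, relay=mail.example.org. [192.0.2.10], stat=Data format error
"""

# timestamp, queue ID, remainder; housekeeping lines (alias rebuild, daemon start) do not match
ENTRY = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ sendmail\[\d+\]: (\w+): (.*)$")


def fields(rest):
    """Split 'k=v, k=v' into a dict; a value runs until the next ', key='."""
    return dict(m.groups() for m in re.finditer(r"(\w+)=(.*?)(?=, \w+=|$)", rest))


def root_mail_to_remote(log_text):
    """Return [(queue_id, first_attempt, recipient, relay, last_stat)] for mail
    submitted locally by root and passed to any mailer other than 'local'."""
    sender, hits = {}, {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        when, qid, rest = m.groups()
        f = fields(rest)
        if "from" in f:
            sender[qid] = (f["from"], f.get("relay", ""))
        elif "to" in f and f.get("mailer") not in (None, "local"):
            frm, relay = sender.get(qid, ("", ""))
            # relay=root@localhost on the from= line marks a local submission
            local_root = frm.strip("<>") == "root" and relay.endswith("@localhost")
            if local_root or f.get("ctladdr", "").startswith("root "):
                first = hits.get(qid, (when,))[0]  # keep time of first attempt
                hits[qid] = (first, f["to"], f.get("relay", ""), f.get("stat", ""))
    return [(q, *v) for q, v in hits.items()]


if __name__ == "__main__":
    for hit in root_mail_to_remote(SAMPLE):
        print(hit)
```

Bounce notices delivered to root (mailer=local) and inbound mail from other hosts are deliberately left out of the result.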
