[CLUE-Tech] possible breakin attempt
Mike
lister-clue at gantsfort.com
Thu Oct 28 22:26:24 MDT 2004
On Thu, Oct 28, 2004 at 09:34:57AM -0600, Mike wrote:
> Can anyone shed light on these messages in /var/log/auth.log:
>
> (all on one line but will line wrap here)
>
> Aug 30 12:46:50 mg2 sshd[10555]: reverse mapping checking getaddrinfo
> for ip-202-147-54-103.asianetcom.net failed - POSSIBLE BREAKIN ATTEMPT!
>
> There were 9 such messages on Aug 30th and 107 on Oct 9th.
>
> What are they trying to exploit?
>
> ckrootkit and rkhunter found nothing. What else I should check?
Thanks to all. I was wanting to make sure there wasn't a specific
exploit that was being tried. Looks like the same old same old--
scanning for easy to compromise machines.
Mike
More information about the clue-tech
mailing list