public inbox for speakup@linux-speakup.org
* Thanks to Bastille, I'm Still Alive
@  Janina Sajka
   ` cpt.kirk
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Janina Sajka
  To: ma-linux, speakup

At least, I don't think my attacker managed to do much. Since I'm new
enough to all of this, I'm posting the relevant snippets from some of my
logs below. I can't imagine I would be in such shape had I not run
Bastille a couple of months ago--even though I didn't take all of the
advice in the Bastille scripts.

I might not even have noticed the attack for a while, had I not been on the
system with Bill Acker and Frankie Carmickle on the phone with me. And,
we'd just fixed my sendmail problem! Just in time to be attacked.

First, and most important: What authority should I advise of this
outrage? Who are the relevant gendarmes?

Second, and least clear to me--Did they do any damage to my mail? Seems
the relay request was canned, as was the request to root. But it looks to
me like debug and stats commands were honored. What does that mean? Here's
from maillog:

Apr 11 23:40:51 isrd sendmail[2358]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: vrfy root
Apr 11 23:40:51 isrd sendmail[2359]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn root
Apr 11 23:40:51 isrd sendmail[2360]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn decode
Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: ruleset=check_rcpt, arg1=<scan@cerberus-infosec.co.uk>, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201], reject=551 we do not relay
Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: from=<cis@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: setsender: |root: invalid or unparseable, received from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: from=|root, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: |cisscan... Cannot mail directly to programs
Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: from=<scan@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 11 23:43:03 isrd sendmail[2399]: XAA02399: from=root, size=42, class=0, pri=30042, nrcpts=1, msgid=<200004120343.XAA02399@adsl-151-200-20-29.bellatlantic.net>, relay=root@localhost
Apr 11 23:43:03 isrd sendmail[2407]: XAA02399: to=isos, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent


I now have the 151. zone in hosts.deny so don't expect to hear from this
<expletive deleted> again--not from 151.200.19.201, at least. I think the
other probes were repelled. Am I wrong? Here's some more log data:

Mar  6 08:54:34 sajka login: LOGIN ON tty1 BY janina
Mar  6 08:56:26 sajka login: ROOT LOGIN ON tty2
Mar  6 15:10:07 sajka login: LOGIN ON tty3 BY janina
Mar  7 06:54:54 sajka login: LOGIN ON tty1 BY janina
Mar  7 06:55:04 sajka login: ROOT LOGIN ON tty2
Mar  7 09:07:45 sajka login: LOGIN ON tty1 BY janina
Mar  7 09:07:51 sajka login: ROOT LOGIN ON tty2
Mar  7 12:14:45 sajka login: LOGIN ON tty3 BY janina
Mar  7 13:54:46 sajka login: LOGIN ON tty1 BY janina
Mar  7 13:54:53 sajka login: ROOT LOGIN ON tty2
Mar  7 15:00:38 sajka login: LOGIN ON tty3 BY janina
Mar  7 15:40:40 sajka login: LOGIN ON tty4 BY janina
Mar  7 15:47:38 sajka login: LOGIN ON tty5 BY janina
Mar  7 17:20:33 sajka in.ftpd[1238]: connect from 129.186.142.10
Mar  7 17:23:09 sajka in.ftpd[1246]: connect from 129.186.142.10
Mar  7 19:12:03 sajka login: ROOT LOGIN ON tty4
Mar  7 19:42:41 sajka login: LOGIN ON tty1 BY janina
Mar  7 19:48:20 sajka login: ROOT LOGIN ON tty2
Mar  7 21:50:10 sajka login: LOGIN ON tty3 BY janina
Mar  8 10:25:06 sajka in.ftpd[2083]: connect from 208.36.95.171
Mar  8 16:28:43 sajka login: ROOT LOGIN ON tty4
Mar  8 19:02:37 sajka login: LOGIN ON tty1 BY janina
Mar  8 19:02:43 sajka login: ROOT LOGIN ON tty2
Mar  8 19:50:53 sajka login: LOGIN ON tty3 BY janina
Mar  8 19:55:29 sajka in.telnetd[997]: connect from 129.186.142.115
Mar  8 19:55:53 sajka login: LOGIN ON 0 BY collins FROM gene4.cc.iastate.edu
Mar  8 20:54:06 sajka login: ROOT LOGIN ON tty4
Mar  8 20:54:51 sajka login: ROOT LOGIN ON tty6
Mar  9 12:10:00 sajka login: ROOT LOGIN ON tty2
Mar  9 12:14:44 sajka login: LOGIN ON tty1 BY janina
Mar  9 12:49:07 sajka login: LOGIN ON tty3 BY janina
Mar  9 14:05:17 sajka login: LOGIN ON tty5 BY janina
Mar  9 15:02:26 sajka in.ftpd[1222]: connect from 208.36.95.171
Mar  9 15:10:50 sajka in.ftpd[1245]: connect from 208.36.95.171
Mar  9 15:22:22 sajka in.ftpd[1306]: connect from 208.36.95.171
Mar  9 15:25:23 sajka in.ftpd[1313]: connect from 208.36.95.171
Mar  9 15:28:12 sajka in.ftpd[1321]: connect from 208.36.95.171
Mar  9 15:52:47 sajka login: ROOT LOGIN ON tty4
Mar  9 19:16:38 sajka login: ROOT LOGIN ON tty2
Mar  9 19:59:56 sajka login: LOGIN ON tty1 BY janina
Mar  9 20:01:07 sajka in.telnetd[693]: refused connect from 208.36.95.171
Mar  9 20:01:29 sajka in.ftpd[700]: refused connect from 208.36.95.171
Mar  9 20:27:02 sajka login: LOGIN ON tty3 BY janina
Mar 10 00:08:12 sajka login: LOGIN ON tty1 BY janina
Mar 10 00:09:30 sajka in.telnetd[598]: connect from 208.36.95.171
Mar 10 00:09:47 sajka login: LOGIN ON 0 BY janina FROM 208.36.95.171
Mar 10 00:10:05 sajka in.ftpd[616]: connect from 208.36.95.171
Mar 10 00:11:24 sajka login: ROOT LOGIN ON tty2
Mar 10 01:20:20 sajka login: ROOT LOGIN ON tty4
Mar 10 01:21:14 sajka login: ROOT LOGIN ON tty4
Mar 10 01:24:16 sajka login: ROOT LOGIN ON tty4
Mar 10 09:40:50 sajka login: LOGIN ON tty3 BY janina
Mar 10 12:56:24 sajka login: LOGIN ON tty5 BY janina
Mar 10 17:48:01 sajka login: ROOT LOGIN ON tty6
Mar 10 18:11:19 sajka in.ftpd[3517]: connect from 63.224.68.2
Mar 10 23:04:55 sajka login: ROOT LOGIN ON tty2
Mar 11 11:46:09 sajka login: ROOT LOGIN ON tty2
Mar 12 21:47:36 sajka login: ROOT LOGIN ON tty2
Mar 12 21:56:09 sajka login: ROOT LOGIN ON tty4
Mar 12 21:59:22 sajka login: ROOT LOGIN ON tty2
Mar 12 22:00:02 sajka login: ROOT LOGIN ON tty2
Mar 12 22:00:18 sajka login: LOGIN ON tty3 BY janina
Mar 13 14:09:32 sajka login: LOGIN ON tty1 BY janina
Mar 13 14:09:43 sajka login: ROOT LOGIN ON tty2
Mar 13 15:22:58 sajka login: LOGIN ON tty3 BY janina
Mar 13 15:50:40 sajka login: ROOT LOGIN ON tty2
Mar 13 15:50:49 sajka login: LOGIN ON tty3 BY janina
Mar 13 16:05:49 sajka login: LOGIN ON tty1 BY janina
Mar 13 16:51:03 sajka login: ROOT LOGIN ON tty4
Mar 13 17:08:33 sajka login: ROOT LOGIN ON tty2
Mar 13 17:11:49 sajka login: ROOT LOGIN ON tty4
Mar 13 17:13:21 sajka login: ROOT LOGIN ON tty2
Mar 13 17:23:23 sajka login: LOGIN ON tty3 BY janina
Mar 13 19:48:40 sajka login: ROOT LOGIN ON tty4
Mar 13 20:04:42 sajka login: ROOT LOGIN ON tty2
Mar 13 20:09:54 sajka login: LOGIN ON tty3 BY janina
Mar 13 20:43:10 sajka login: LOGIN ON tty1 BY janina
Mar 13 22:38:16 sajka login: ROOT LOGIN ON tty2
Mar 13 22:45:48 sajka login: ROOT LOGIN ON tty2
Mar 13 22:58:23 sajka login: LOGIN ON tty1 BY janina
Mar 13 23:02:30 sajka login: LOGIN ON tty1 BY janina
Mar 13 23:04:45 sajka login: ROOT LOGIN ON tty2
Mar 13 23:14:27 sajka login: ROOT LOGIN ON tty4
Mar 13 23:16:54 sajka login: ROOT LOGIN ON tty2
Mar 14 09:16:17 sajka login: LOGIN ON tty1 BY janina
Mar 14 09:33:12 sajka login: LOGIN ON tty3 BY janina
Mar 14 11:54:00 sajka login: ROOT LOGIN ON tty2
Mar 14 12:52:19 sajka login: LOGIN ON tty1 BY janina
Mar 14 13:12:40 sajka login: LOGIN ON tty3 BY janina
Mar 14 17:50:24 sajka login: ROOT LOGIN ON tty2
Mar 14 23:45:13 sajka login: ROOT LOGIN ON tty2
Mar 14 23:48:17 sajka login: LOGIN ON tty1 BY janina
Mar 15 00:01:38 sajka login: ROOT LOGIN ON tty2
Mar 15 00:20:13 sajka login: ROOT LOGIN ON tty2
Mar 15 08:51:04 sajka login: LOGIN ON tty1 BY janina
Mar 15 09:06:43 sajka login: ROOT LOGIN ON tty2
Mar 15 11:26:39 sajka login: LOGIN ON tty1 BY janina
Mar 15 11:26:58 sajka login: ROOT LOGIN ON tty2
Mar 15 11:38:50 sajka login: LOGIN ON tty3 BY janina
Mar 15 13:51:26 sajka login: LOGIN ON tty5 BY janina
Mar 15 14:40:35 sajka login: ROOT LOGIN ON tty4
Mar 16 19:45:36 sajka in.telnetd[4798]: connect from 63.224.68.1
Mar 16 19:45:52 sajka login: LOGIN ON 0 BY wacker FROM 63.224.68.1
Mar 17 09:39:00 sajka login: ROOT LOGIN ON tty2
Mar 17 09:47:39 sajka login: LOGIN ON tty1 BY janina
Mar 17 09:57:16 sajka login: LOGIN ON tty3 BY janina
Mar 17 14:26:39 sajka login: ROOT LOGIN ON tty2
Mar 17 14:29:34 sajka login: LOGIN ON tty1 BY janina
Mar 17 14:29:39 sajka in.ftpd[655]: connect from 151.200.20.29
Mar 17 15:39:46 sajka login: LOGIN ON tty3 BY janina
Mar 17 17:16:43 sajka in.ftpd[1116]: connect from 63.224.68.2
Mar 19 11:35:31 sajka in.telnetd[5291]: connect from 208.36.95.171
Mar 19 11:36:11 sajka in.telnetd[5294]: connect from 208.36.95.171
Mar 19 11:36:21 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 19 12:02:51 sajka in.ftpd[5367]: connect from 208.36.95.171
Mar 19 12:03:42 sajka in.telnetd[5369]: connect from 208.36.95.171
Mar 19 12:04:00 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 19 12:05:45 sajka in.ftpd[5388]: connect from 208.36.95.171
Mar 20 02:44:02 sajka in.ftpd[6704]: connect from 24.5.204.126
Mar 20 10:08:39 sajka in.telnetd[7479]: connect from 208.36.95.171
Mar 20 10:09:00 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 20 10:35:29 sajka in.telnetd[7541]: connect from 208.36.95.171
Mar 20 10:35:57 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 21 18:46:05 sajka in.telnetd[10963]: connect from 208.36.95.171
Mar 21 18:46:32 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 21 18:57:57 sajka in.ftpd[11010]: connect from 208.36.95.171
Mar 21 22:14:09 sajka in.telnetd[11358]: connect from 208.36.95.171
Mar 21 22:14:23 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 21 22:21:31 sajka in.ftpd[11386]: connect from 208.36.95.171
Mar 21 23:22:40 sajka in.ftpd[11504]: connect from 208.36.95.171
Mar 21 23:25:27 sajka in.telnetd[11508]: connect from 208.36.95.171
Mar 21 23:25:43 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 22 01:21:34 sajka in.ftpd[11774]: connect from 208.36.95.171
Mar 22 11:39:12 sajka in.telnetd[12797]: connect from 208.36.95.171
Mar 22 11:39:27 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 22 11:49:58 sajka in.telnetd[12830]: connect from 208.36.95.171
Mar 22 11:50:08 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 24 02:48:27 sajka in.telnetd[16851]: connect from 208.36.95.171
Mar 24 02:48:41 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 24 20:09:55 sajka in.telnetd[18793]: connect from 166.102.116.151
Mar 24 20:09:55 sajka imapd[18794]: refused connect from 166.102.116.151
Mar 24 20:09:55 sajka ipop3d[18795]: connect from 166.102.116.151
Mar 24 20:09:55 sajka ipop3d[18795]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Mar 24 20:09:55 sajka in.ftpd[18802]: connect from 166.102.116.151
Mar 24 20:09:56 sajka in.telnetd[18809]: connect from 166.102.116.151
Mar 24 20:10:02 sajka ipop3d[18813]: connect from 166.102.116.151
Mar 24 20:10:02 sajka ipop3d[18813]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Mar 24 20:10:05 sajka imapd[18814]: refused connect from 166.102.116.151
Mar 24 20:36:12 sajka in.telnetd[18876]: connect from 208.36.95.171
Mar 24 20:36:28 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 27 01:24:55 sajka in.telnetd[24016]: connect from 208.36.95.171
Mar 27 01:25:05 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 29 13:48:15 sajka in.telnetd[31048]: connect from 208.36.95.171
Mar 29 13:48:34 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Mar 30 00:36:36 sajka in.telnetd[32411]: connect from 208.36.95.171
Mar 30 00:36:48 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Apr  1 11:41:54 sajka login: LOGIN ON tty1 BY janina
Apr  1 12:26:49 sajka login: LOGIN ON tty3 BY janina
Apr  1 14:06:21 sajka login: ROOT LOGIN ON tty2
Apr  2 10:44:46 sajka login: ROOT LOGIN ON tty2
Apr  2 11:10:18 sajka login: LOGIN ON tty1 BY janina
Apr  2 11:17:44 sajka login: LOGIN ON tty3 BY janina
Apr  2 14:35:35 sajka login: ROOT LOGIN ON tty4
Apr  2 14:39:08 sajka login: ROOT LOGIN ON tty6
Apr  2 15:57:55 sajka login: ROOT LOGIN ON tty1
Apr  2 16:01:45 sajka login: LOGIN ON tty1 BY janina
Apr  2 16:01:55 sajka login: ROOT LOGIN ON tty2
Apr  2 16:05:33 sajka login: LOGIN ON tty3 BY janina
Apr  2 16:33:56 sajka login: ROOT LOGIN ON tty4
Apr  2 18:59:48 sajka login: LOGIN ON tty5 BY janina
Apr  3 22:32:38 sajka login: LOGIN ON tty1 BY janina
Apr  3 22:32:45 sajka login: ROOT LOGIN ON tty2
Apr  3 22:39:55 sajka login: LOGIN ON tty1 BY janina
Apr  3 22:40:00 sajka login: ROOT LOGIN ON tty2
Apr  3 22:49:17 sajka login: LOGIN ON tty1 BY janina
Apr  3 22:49:32 sajka login: ROOT LOGIN ON tty2
Apr  4 09:59:28 sajka login: LOGIN ON tty3 BY janina
Apr  4 10:42:12 sajka login: LOGIN ON tty1 BY janina
Apr  4 10:42:20 sajka login: ROOT LOGIN ON tty2
Apr  4 11:00:27 sajka login: ROOT LOGIN ON tty2
Apr  4 11:31:07 sajka login: ROOT LOGIN ON tty1
Apr  4 11:42:04 sajka login: ROOT LOGIN ON tty1
Apr  4 11:55:03 sajka login: ROOT LOGIN ON tty1
Apr  4 12:26:11 sajka login: ROOT LOGIN ON tty1
Apr  4 13:13:07 sajka login: ROOT LOGIN ON tty1
Apr  4 14:27:25 sajka login: LOGIN ON tty1 BY janina
Apr  4 15:21:25 sajka login: ROOT LOGIN ON tty2
Apr  4 16:04:16 sajka login: ROOT LOGIN ON tty4
Apr  4 16:14:24 sajka login: LOGIN ON tty3 BY janina
Apr  4 17:07:20 sajka login: LOGIN ON tty1 BY janina
Apr  4 17:07:40 sajka login: ROOT LOGIN ON tty2
Apr  4 17:18:27 sajka login: LOGIN ON tty3 BY janina
Apr  4 17:22:18 sajka login: ROOT LOGIN ON tty4
Apr  4 19:00:02 sajka login: LOGIN ON tty5 BY janina
Apr  4 19:07:32 sajka login: ROOT LOGIN ON tty4
Apr  4 19:54:41 sajka login: ROOT LOGIN ON tty2
Apr  4 22:13:27 sajka login: ROOT LOGIN ON tty2
Apr  5 08:47:17 sajka login: LOGIN ON tty1 BY janina
Apr  5 08:47:28 sajka login: ROOT LOGIN ON tty2
Apr  5 10:23:27 sajka login: LOGIN ON tty1 BY janina
Apr  5 10:23:32 sajka login: ROOT LOGIN ON tty2
Apr  5 13:15:52 sajka login: ROOT LOGIN ON tty4
Apr  5 13:36:53 sajka login: LOGIN ON tty1 BY janina
Apr  5 13:37:03 sajka login: ROOT LOGIN ON tty2
Apr  5 13:39:06 sajka login: LOGIN ON tty3 BY janina
Apr  5 13:40:10 sajka login: ROOT LOGIN ON tty4
Apr  5 18:15:41 sajka login: ROOT LOGIN ON tty1
Apr  5 18:31:45 sajka login: ROOT LOGIN ON tty1
Apr  5 19:28:25 sajka login: ROOT LOGIN ON tty2
Apr  5 19:45:50 sajka login: LOGIN ON tty1 BY janina
Apr  5 21:23:25 sajka login: ROOT LOGIN ON tty1
Apr  5 22:08:29 sajka login: ROOT LOGIN ON tty1
Apr  5 22:47:32 sajka login: ROOT LOGIN ON tty1
Apr  5 23:05:35 sajka login: ROOT LOGIN ON tty1
Apr  6 01:06:24 sajka login: ROOT LOGIN ON tty1
Apr  6 09:56:37 sajka login: ROOT LOGIN ON tty1
Apr  6 11:00:59 sajka login: ROOT LOGIN ON tty1
Apr  6 11:02:48 sajka login: LOGIN ON tty2 BY janina
Apr  6 13:31:12 sajka login: ROOT LOGIN ON tty1
Apr  6 14:09:19 sajka login: ROOT LOGIN ON tty2
Apr  6 16:41:56 sajka login: ROOT LOGIN ON tty1
Apr  6 20:33:13 sajka login: ROOT LOGIN ON tty1
Apr  6 20:41:11 sajka login: ROOT LOGIN ON tty1
Apr  6 20:53:08 sajka login: ROOT LOGIN ON tty2
Apr  6 23:16:54 sajka login: ROOT LOGIN ON tty1
Apr  6 23:58:48 sajka login: ROOT LOGIN ON tty1
Apr  7 01:02:49 sajka login: ROOT LOGIN ON tty1
Apr  7 01:29:05 sajka login: ROOT LOGIN ON tty1
Apr  7 01:33:15 sajka login: ROOT LOGIN ON tty1
Apr  7 01:39:22 sajka login: ROOT LOGIN ON tty1
Apr  7 01:43:50 sajka login: LOGIN ON tty1 BY janina
Apr  7 01:44:56 sajka login: ROOT LOGIN ON tty2
Apr  7 09:56:48 sajka login: ROOT LOGIN ON tty2
Apr  7 09:57:47 sajka login: LOGIN ON tty1 BY janina
Apr  7 09:58:11 sajka login: ROOT LOGIN ON tty2
Apr  7 10:04:15 sajka login: LOGIN ON tty1 BY janina
Apr  7 10:05:37 sajka login: LOGIN ON tty1 BY janina
Apr  7 10:07:38 sajka login: ROOT LOGIN ON tty2
Apr  7 10:10:32 sajka login: LOGIN ON tty1 BY janina
Apr  7 13:19:51 sajka login: ROOT LOGIN ON tty2
Apr  7 13:22:26 sajka login: LOGIN ON tty1 BY janina
Apr  7 16:23:09 sajka login: LOGIN ON tty3 BY janina
Apr  7 16:26:39 sajka login: ROOT LOGIN ON tty2
Apr  7 17:53:30 sajka login: ROOT LOGIN ON tty4
Apr  7 18:39:54 sajka login: LOGIN ON tty1 BY janina
Apr  7 18:40:21 sajka login: ROOT LOGIN ON tty2
Apr  7 20:46:48 sajka in.telnetd[1401]: connect from 192.168.1.239
Apr  7 22:45:53 sajka ipop3d[2234]: connect from 192.168.1.250
Apr  7 22:45:53 sajka ipop3d[2234]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:45:58 sajka ipop3d[2235]: connect from 192.168.1.250
Apr  7 22:45:58 sajka ipop3d[2235]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:46:03 sajka ipop3d[2237]: connect from 192.168.1.250
Apr  7 22:46:03 sajka ipop3d[2237]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:51:08 sajka ipop3d[2264]: connect from 192.168.1.250
Apr  7 22:51:08 sajka ipop3d[2264]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:51:13 sajka ipop3d[2265]: connect from 192.168.1.250
Apr  7 22:51:13 sajka ipop3d[2265]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:51:18 sajka ipop3d[2266]: connect from 192.168.1.250
Apr  7 22:51:18 sajka ipop3d[2266]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:56:23 sajka ipop3d[2405]: connect from 192.168.1.250
Apr  7 22:56:23 sajka ipop3d[2405]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:56:28 sajka ipop3d[2406]: connect from 192.168.1.250
Apr  7 22:56:28 sajka ipop3d[2406]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 22:56:33 sajka ipop3d[2407]: connect from 192.168.1.250
Apr  7 22:56:33 sajka ipop3d[2407]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:01:38 sajka ipop3d[2432]: connect from 192.168.1.250
Apr  7 23:01:38 sajka ipop3d[2432]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:01:43 sajka ipop3d[2433]: connect from 192.168.1.250
Apr  7 23:01:43 sajka ipop3d[2433]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:01:48 sajka ipop3d[2434]: connect from 192.168.1.250
Apr  7 23:01:48 sajka ipop3d[2434]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:06:53 sajka ipop3d[2441]: connect from 192.168.1.250
Apr  7 23:06:53 sajka ipop3d[2441]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:06:58 sajka ipop3d[2442]: connect from 192.168.1.250
Apr  7 23:06:58 sajka ipop3d[2442]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:07:03 sajka ipop3d[2443]: connect from 192.168.1.250
Apr  7 23:07:03 sajka ipop3d[2443]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:12:08 sajka ipop3d[2461]: connect from 192.168.1.250
Apr  7 23:12:08 sajka ipop3d[2461]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:12:13 sajka ipop3d[2463]: connect from 192.168.1.250
Apr  7 23:12:13 sajka ipop3d[2463]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:12:18 sajka ipop3d[2464]: connect from 192.168.1.250
Apr  7 23:12:18 sajka ipop3d[2464]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:17:23 sajka ipop3d[2492]: connect from 192.168.1.250
Apr  7 23:17:23 sajka ipop3d[2492]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:17:28 sajka ipop3d[2493]: connect from 192.168.1.250
Apr  7 23:17:28 sajka ipop3d[2493]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  7 23:17:33 sajka ipop3d[2494]: connect from 192.168.1.250
Apr  7 23:17:33 sajka ipop3d[2494]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr  8 00:02:09 sajka login: LOGIN ON tty3 BY janina
Apr  8 00:39:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
Apr  8 02:36:27 adsl-151-200-20-29 in.telnetd[1033]: connect from 208.166.24.190
Apr  8 10:51:22 adsl-151-200-20-29 login: LOGIN ON tty1 BY janina
Apr  8 11:39:21 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
Apr  8 11:39:45 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
Apr  8 11:51:11 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
Apr  8 11:59:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
Apr  8 12:05:51 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
Apr  8 12:07:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
Apr  8 12:40:56 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
Apr  8 13:20:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
Apr  8 13:29:21 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
Apr  8 16:34:18 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
Apr  8 16:48:36 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
Apr  8 17:06:34 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
Apr  9 15:46:59 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
Apr  9 17:01:02 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
Apr  9 17:01:23 adsl-151-200-20-29 in.telnetd[8511]: connect from 192.168.1.253
Apr  9 17:18:07 isrd login: ROOT LOGIN ON tty2
Apr  9 17:58:30 isrd login: LOGIN ON tty3 BY janina
Apr  9 19:15:31 isrd in.telnetd[1315]: connect from 192.168.1.239
Apr  9 19:18:17 isrd in.telnetd[1322]: connect from 192.168.1.239
Apr  9 19:18:22 isrd login: LOGIN ON 0 BY janina FROM 192.168.1.239
Apr  9 19:58:28 isrd login: ROOT LOGIN ON tty2
Apr  9 20:25:06 isrd in.ftpd[1022]: connect from 192.168.1.239
Apr  9 20:25:53 isrd in.ftpd[1023]: connect from 192.168.1.239
Apr  9 20:35:36 isrd in.ftpd[1135]: connect from 192.168.1.239
Apr  9 21:32:13 isrd in.ftpd[1699]: connect from 192.168.1.239
Apr  9 21:33:46 isrd in.ftpd[1701]: connect from 192.168.1.239
Apr  9 21:34:52 isrd in.ftpd[1703]: connect from 192.168.1.239
Apr  9 21:46:05 isrd login: ROOT LOGIN ON tty2
Apr  9 21:47:34 isrd in.ftpd[881]: connect from 208.36.95.171
Apr  9 21:48:30 isrd login: ROOT LOGIN ON tty4
Apr  9 21:50:15 isrd in.ftpd[909]: connect from 208.36.95.171
Apr  9 21:57:00 isrd in.ftpd[991]: connect from 208.36.95.171
Apr  9 22:02:33 isrd in.ftpd[1008]: connect from 192.168.1.239
Apr  9 22:12:23 isrd login: ROOT LOGIN ON tty2
Apr  9 22:43:05 isrd login: LOGIN ON tty1 BY janina
Apr 10 10:18:03 isrd login: ROOT LOGIN ON tty2
Apr 10 10:21:14 isrd login: LOGIN ON tty1 BY janina
Apr 10 11:28:07 isrd login: LOGIN ON tty3 BY janina
Apr 10 11:35:17 isrd login: LOGIN ON tty1 BY janina
Apr 10 11:35:25 isrd login: ROOT LOGIN ON tty2
Apr 10 11:38:27 isrd login: LOGIN ON tty3 BY janina
Apr 10 11:44:55 isrd login: ROOT LOGIN ON tty4
Apr 10 13:15:20 isrd login: ROOT LOGIN ON tty2
Apr 10 13:22:39 isrd login: LOGIN ON tty1 BY janina
Apr 10 13:25:16 isrd login: LOGIN ON tty3 BY janina
Apr 10 13:38:26 isrd login: ROOT LOGIN ON tty4
Apr 10 14:16:54 isrd login: LOGIN ON tty1 BY janina
Apr 10 14:54:31 isrd login: LOGIN ON tty1 BY janina
Apr 10 15:05:41 isrd login: LOGIN ON tty1 BY janina
Apr 10 15:06:49 isrd login: ROOT LOGIN ON tty2
Apr 10 15:12:39 isrd login: ROOT LOGIN ON tty2
Apr 10 15:13:39 isrd login: ROOT LOGIN ON tty2
Apr 10 16:17:08 isrd login: ROOT LOGIN ON tty4
Apr 10 16:17:17 isrd login: LOGIN ON tty3 BY janina
Apr 10 18:00:08 isrd login: ROOT LOGIN ON tty2
Apr 10 18:27:18 isrd login: LOGIN ON tty1 BY janina
Apr 10 18:53:23 isrd login: ROOT LOGIN ON tty2
Apr 10 18:58:47 isrd login: LOGIN ON tty1 BY janina
Apr 10 18:59:57 isrd login: LOGIN ON tty3 BY janina
Apr 10 19:55:15 isrd login: ROOT LOGIN ON tty1
Apr 10 22:30:26 isrd login: LOGIN ON tty1 BY janina
Apr 10 22:30:58 isrd login: ROOT LOGIN ON tty2
Apr 10 23:46:42 isrd login: LOGIN ON tty3 BY janina
Apr 11 11:28:37 isrd login: LOGIN ON tty1 BY janina
Apr 11 16:40:58 isrd login: ROOT LOGIN ON tty4
Apr 11 18:34:27 isrd login: LOGIN ON tty5 BY janina
Apr 11 19:13:20 isrd login: ROOT LOGIN ON tty2
Apr 11 19:15:16 isrd login: LOGIN ON tty1 BY janina
Apr 11 19:30:08 isrd in.telnetd[935]: connect from 208.36.95.171
Apr 11 19:30:30 isrd login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
Apr 11 20:29:50 isrd in.telnetd[1194]: connect from 63.224.68.2
Apr 11 20:36:56 isrd in.ftpd[1229]: connect from 192.168.1.239
Apr 11 20:58:13 isrd login: ROOT LOGIN ON tty4
Apr 11 20:59:38 isrd login: ROOT LOGIN ON tty4
Apr 11 21:32:23 isrd login: ROOT LOGIN ON tty2
Apr 11 21:36:47 isrd login: ROOT LOGIN ON tty2
Apr 11 21:51:16 isrd login: ROOT LOGIN ON tty2
Apr 11 22:12:26 isrd in.ftpd[1984]: connect from 192.168.1.239
Apr 11 22:29:59 isrd in.ftpd[2004]: connect from 192.168.1.239
Apr 11 22:50:37 isrd login: ROOT LOGIN ON tty4
Apr 11 23:25:22 isrd login: LOGIN ON tty1 BY janina
Apr 11 23:40:23 isrd ipop3d[2300]: connect from 151.200.19.201
Apr 11 23:40:23 isrd ipop3d[2300]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr 11 23:40:23 isrd in.fingerd[2306]: connect from 151.200.19.201
Apr 11 23:42:01 isrd in.ftpd[2363]: connect from 151.200.19.201
Apr 11 23:42:24 isrd in.ftpd[2373]: connect from 151.200.19.201


And another version of the facts, just the facts:

Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump(): request from unauthorized host
Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
Apr 11 23:42:45 isrd PAM-securetty[2377]: Error opening /etc/securetty

And, finally:

Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump(): request from unauthorized host
Apr 12 03:40:51 isrd ftpd[2298]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], cis@security.check
Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 12 03:40:51 isrd ftpd[2298]: FTP session closed
Apr 12 03:42:01 isrd ftpd[2363]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
Apr 12 03:42:24 isrd ftpd[2373]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
Apr 12 03:48:27 isrd ftpd[2373]: lost connection to adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 12 03:48:27 isrd ftpd[2373]: FTP session closed

That's right. They came back four hours later to poke around in person via
anonymous ftp. What did they want? How about a file with the net address
for about a dozen time servers? <grin>

Wed Apr 12 03:42:25 2000 1 adsl-151-200-19-201.bellatlantic.net 562 /home/ftp/pub/misc/ntp-servers.txt b _ o a IE40user@ ftp 0 * c

So, if I'm crowing any, it's thanks to the great Bastille scripts. I would
not have known enough to have plugged all of these holes myself yet. And,
I'd be a very unhappy camper had I not used Bastille.

Thanks, Peter, and the rest of y'all.

-- 

				Janina Sajka, Director
				Information Systems Research & Development
				American Foundation for the Blind (AFB)

janina@afb.net
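
An added example, not part of the original post or of Bastille: a small Python triage pass over log lines copied from the excerpts above. It sorts each entry from the scanning address into blocked / allowed / review, and pairs tcp_wrappers `in.ftpd[pid]` lines with `ftpd[pid]` lines to surface any clock offset between log sources. The rule table, the year 2000 (taken from the xferlog entry) and the reading of sendmail's `"wiz"` line as a logged rejection are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the excerpts in the post above.
SAMPLE = """\
Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump(): request from unauthorized host
Apr 11 23:40:23 isrd ipop3d[2300]: connect from 151.200.19.201
Apr 11 23:40:23 isrd ipop3d[2300]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Apr 11 23:40:51 isrd sendmail[2358]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: vrfy root
Apr 11 23:42:01 isrd in.ftpd[2363]: connect from 151.200.19.201
Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: ruleset=check_rcpt, arg1=<scan@cerberus-infosec.co.uk>, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201], reject=551 we do not relay
Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
Apr 11 23:42:24 isrd in.ftpd[2373]: connect from 151.200.19.201
Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
Apr 12 03:42:01 isrd ftpd[2363]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
Apr 12 03:42:24 isrd ftpd[2373]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}
# syslog layout used throughout the post: "Mon DD HH:MM:SS host prog[pid]: message"
LINE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
# Source address: the bracketed IP sendmail/ftpd print, or tcp_wrappers' "connect from".
SRC = re.compile(r"(?:\[|connect from )(\d{1,3}(?:\.\d{1,3}){3})")

# Ordered rules, first match wins (assumed wording, based only on lines in the post).
RULES = [
    (re.compile(r"refused|unauthorized host|reject=|Cannot mail directly"
                r"|invalid or unparseable|cannot execute"), "blocked"),
    # Assumption: sendmail 8.x writes '"<cmd>" command from' when it rejects
    # an obsolete command such as wiz or debug.
    (re.compile(r'" command from'), "blocked"),
    # The log records the VRFY/EXPN request but not the reply that was sent.
    (re.compile(r"\b(?:vrfy|expn)\b"), "review"),
    (re.compile(r"ANONYMOUS FTP LOGIN|connect from"), "allowed"),
]


def parse(text, year=2000):
    """Turn syslog text into event dicts; syslog omits the year, so it is passed in."""
    events, last_ip = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        mon, day, hh, mm, ss, host, prog, pid, msg = m.groups()
        when = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        key = (host, prog, pid)
        found = SRC.search(msg)
        # A line without an address (e.g. "cannot execute") inherits the
        # address already seen for the same process.
        src = found.group(1) if found else last_ip.get(key)
        last_ip[key] = src
        verdict = next((v for rx, v in RULES if rx.search(msg)), "review")
        events.append({"when": when, "host": host, "prog": prog, "pid": pid,
                       "src": src, "verdict": verdict, "msg": msg})
    return events


def summarize(events, src):
    """Count verdicts for one source address."""
    return Counter(e["verdict"] for e in events if e["src"] == src)


def clock_offsets(events):
    """Pair 'in.<daemon>[pid]' (tcp_wrappers) with '<daemon>[pid]' on the same
    host and count the time differences; a constant non-zero value points to
    two loggers using different time zones rather than two separate visits."""
    wrapped = {(e["host"], e["prog"][3:], e["pid"]): e["when"]
               for e in events if e["prog"].startswith("in.")}
    deltas = Counter()
    for e in events:
        start = wrapped.get((e["host"], e["prog"], e["pid"]))
        if start is not None:
            deltas[e["when"] - start] += 1
    return deltas


if __name__ == "__main__":
    evs = parse(SAMPLE)
    print(dict(summarize(evs, "151.200.19.201")))
    for delta, n in clock_offsets(evs).items():
        print(f"{n} paired session(s) differ by {delta}")
    for e in evs:
        if e["verdict"] != "blocked":
            print(e["verdict"], e["when"], e["prog"], e["msg"][:60])
```

On the sample, both paired FTP sessions come out exactly four hours apart, which is worth checking against each daemon's time zone before treating the two sets of entries as separate visits.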





* Re: Thanks to Bastille, I'm Still Alive
From: cpt.kirk
  To: speakup

The first place I would notify is bellatlantic.net if you are not a
subscriber to them. Offer them all relevant logs. Many ISPs will take
action against subscribers who launch attacks from their turf.

I know that many will laugh, but the FBI claims to be interested in such
things. I don't know if it is true, or how much they really care. And I
wouldn't place a lot of confidence that they will (or even can) find the
jerk. But they are looking to burn someone, and the person did violate
federal law.

Kirk Wood
Cpt.Kirk@1tree.net
------------------

Why can't you be a non-conformist, like everybody else?






* Re: Thanks to Bastille, I'm Still Alive
From: wabe
  To: Janina Sajka; +Cc: ma-linux, speakup

Well, honestly, it looks like he was looking for 2 things:

1. REALLY old sendmail holes.

2. ftp overflow holes.

As for 1 - any moderately recent (>5.0 RH) linux should be fine against this.

As for 2 - You don't have anonymous ftp able to write to any directories, do you? You'd have
to specifically enable anonymous, and set that up, on most Linux Distros.

I would check to be sure you aren't running amd and have upgraded your bind and then
I'd sleep better, if I were you.
-wabe



Janina Sajka wrote:

> At least, I don't think my attacker managed to do much. Since I'm new
> enough to all of this, I'm posting the relevant snippets from some of my
> logs below. I can't imagine I would be in such shape had I not run
> Bastille a couple of months ago--even though I didn't take all of the
> advice in the Bastille scripts.
>
> I might not even have noticed the attack for a while, had I not been on the
> system with Bill Acker and Frankie Carmickle on the phone with me. And,
> we'd just fixed my sendmail problem! Just in time to be attacked.
>
> First, and most important: What authority should I advise of this
> outrage? Who are the relevant gendarmes?
>
> Second, and least clear to me--Did they do any damage to my mail? Seems
> the relay request was canned, as was the request to root. But it looks to
> me like debug and stats commands were honored. What does that mean? Here's
> from maillog:
>
> Apr 11 23:40:51 isrd sendmail[2358]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: vrfy root
> Apr 11 23:40:51 isrd sendmail[2359]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn root
> Apr 11 23:40:51 isrd sendmail[2360]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn decode
> Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: ruleset=check_rcpt, arg1=<scan@cerberus-infosec.co.uk>, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201], reject=551 we do not relay
> Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: from=<cis@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: setsender: |root: invalid or unparseable, received from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: from=|root, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: |cisscan... Cannot mail directly to programs
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: from=<scan@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:43:03 isrd sendmail[2399]: XAA02399: from=root, size=42, class=0, pri=30042, nrcpts=1, msgid=<200004120343.XAA02399@adsl-151-200-20-29.bellatlantic.net>, relay=root@localhost
> Apr 11 23:43:03 isrd sendmail[2407]: XAA02399: to=isos, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
>
> I now have the 151. zone in hosts.deny so don't expect to hear from this
> <expletive deleted> again--not from 151.200.19.201, at least. I think the
> other probes were repelled. Am I wrong? Here's some more log data:
>
> Mar  6 08:54:34 sajka login: LOGIN ON tty1 BY janina
> Mar  6 08:56:26 sajka login: ROOT LOGIN ON tty2
> Mar  6 15:10:07 sajka login: LOGIN ON tty3 BY janina
> Mar  7 06:54:54 sajka login: LOGIN ON tty1 BY janina
> Mar  7 06:55:04 sajka login: ROOT LOGIN ON tty2
> Mar  7 09:07:45 sajka login: LOGIN ON tty1 BY janina
> Mar  7 09:07:51 sajka login: ROOT LOGIN ON tty2
> Mar  7 12:14:45 sajka login: LOGIN ON tty3 BY janina
> Mar  7 13:54:46 sajka login: LOGIN ON tty1 BY janina
> Mar  7 13:54:53 sajka login: ROOT LOGIN ON tty2
> Mar  7 15:00:38 sajka login: LOGIN ON tty3 BY janina
> Mar  7 15:40:40 sajka login: LOGIN ON tty4 BY janina
> Mar  7 15:47:38 sajka login: LOGIN ON tty5 BY janina
> Mar  7 17:20:33 sajka in.ftpd[1238]: connect from 129.186.142.10
> Mar  7 17:23:09 sajka in.ftpd[1246]: connect from 129.186.142.10
> Mar  7 19:12:03 sajka login: ROOT LOGIN ON tty4
> Mar  7 19:42:41 sajka login: LOGIN ON tty1 BY janina
> Mar  7 19:48:20 sajka login: ROOT LOGIN ON tty2
> Mar  7 21:50:10 sajka login: LOGIN ON tty3 BY janina
> Mar  8 10:25:06 sajka in.ftpd[2083]: connect from 208.36.95.171
> Mar  8 16:28:43 sajka login: ROOT LOGIN ON tty4
> Mar  8 19:02:37 sajka login: LOGIN ON tty1 BY janina
> Mar  8 19:02:43 sajka login: ROOT LOGIN ON tty2
> Mar  8 19:50:53 sajka login: LOGIN ON tty3 BY janina
> Mar  8 19:55:29 sajka in.telnetd[997]: connect from 129.186.142.115
> Mar  8 19:55:53 sajka login: LOGIN ON 0 BY collins FROM gene4.cc.iastate.edu
> Mar  8 20:54:06 sajka login: ROOT LOGIN ON tty4
> Mar  8 20:54:51 sajka login: ROOT LOGIN ON tty6
> Mar  9 12:10:00 sajka login: ROOT LOGIN ON tty2
> Mar  9 12:14:44 sajka login: LOGIN ON tty1 BY janina
> Mar  9 12:49:07 sajka login: LOGIN ON tty3 BY janina
> Mar  9 14:05:17 sajka login: LOGIN ON tty5 BY janina
> Mar  9 15:02:26 sajka in.ftpd[1222]: connect from 208.36.95.171
> Mar  9 15:10:50 sajka in.ftpd[1245]: connect from 208.36.95.171
> Mar  9 15:22:22 sajka in.ftpd[1306]: connect from 208.36.95.171
> Mar  9 15:25:23 sajka in.ftpd[1313]: connect from 208.36.95.171
> Mar  9 15:28:12 sajka in.ftpd[1321]: connect from 208.36.95.171
> Mar  9 15:52:47 sajka login: ROOT LOGIN ON tty4
> Mar  9 19:16:38 sajka login: ROOT LOGIN ON tty2
> Mar  9 19:59:56 sajka login: LOGIN ON tty1 BY janina
> Mar  9 20:01:07 sajka in.telnetd[693]: refused connect from 208.36.95.171
> Mar  9 20:01:29 sajka in.ftpd[700]: refused connect from 208.36.95.171
> Mar  9 20:27:02 sajka login: LOGIN ON tty3 BY janina
> Mar 10 00:08:12 sajka login: LOGIN ON tty1 BY janina
> Mar 10 00:09:30 sajka in.telnetd[598]: connect from 208.36.95.171
> Mar 10 00:09:47 sajka login: LOGIN ON 0 BY janina FROM 208.36.95.171
> Mar 10 00:10:05 sajka in.ftpd[616]: connect from 208.36.95.171
> Mar 10 00:11:24 sajka login: ROOT LOGIN ON tty2
> Mar 10 01:20:20 sajka login: ROOT LOGIN ON tty4
> Mar 10 01:21:14 sajka login: ROOT LOGIN ON tty4
> Mar 10 01:24:16 sajka login: ROOT LOGIN ON tty4
> Mar 10 09:40:50 sajka login: LOGIN ON tty3 BY janina
> Mar 10 12:56:24 sajka login: LOGIN ON tty5 BY janina
> Mar 10 17:48:01 sajka login: ROOT LOGIN ON tty6
> Mar 10 18:11:19 sajka in.ftpd[3517]: connect from 63.224.68.2
> Mar 10 23:04:55 sajka login: ROOT LOGIN ON tty2
> Mar 11 11:46:09 sajka login: ROOT LOGIN ON tty2
> Mar 12 21:47:36 sajka login: ROOT LOGIN ON tty2
> Mar 12 21:56:09 sajka login: ROOT LOGIN ON tty4
> Mar 12 21:59:22 sajka login: ROOT LOGIN ON tty2
> Mar 12 22:00:02 sajka login: ROOT LOGIN ON tty2
> Mar 12 22:00:18 sajka login: LOGIN ON tty3 BY janina
> Mar 13 14:09:32 sajka login: LOGIN ON tty1 BY janina
> Mar 13 14:09:43 sajka login: ROOT LOGIN ON tty2
> Mar 13 15:22:58 sajka login: LOGIN ON tty3 BY janina
> Mar 13 15:50:40 sajka login: ROOT LOGIN ON tty2
> Mar 13 15:50:49 sajka login: LOGIN ON tty3 BY janina
> Mar 13 16:05:49 sajka login: LOGIN ON tty1 BY janina
> Mar 13 16:51:03 sajka login: ROOT LOGIN ON tty4
> Mar 13 17:08:33 sajka login: ROOT LOGIN ON tty2
> Mar 13 17:11:49 sajka login: ROOT LOGIN ON tty4
> Mar 13 17:13:21 sajka login: ROOT LOGIN ON tty2
> Mar 13 17:23:23 sajka login: LOGIN ON tty3 BY janina
> Mar 13 19:48:40 sajka login: ROOT LOGIN ON tty4
> Mar 13 20:04:42 sajka login: ROOT LOGIN ON tty2
> Mar 13 20:09:54 sajka login: LOGIN ON tty3 BY janina
> Mar 13 20:43:10 sajka login: LOGIN ON tty1 BY janina
> Mar 13 22:38:16 sajka login: ROOT LOGIN ON tty2
> Mar 13 22:45:48 sajka login: ROOT LOGIN ON tty2
> Mar 13 22:58:23 sajka login: LOGIN ON tty1 BY janina
> Mar 13 23:02:30 sajka login: LOGIN ON tty1 BY janina
> Mar 13 23:04:45 sajka login: ROOT LOGIN ON tty2
> Mar 13 23:14:27 sajka login: ROOT LOGIN ON tty4
> Mar 13 23:16:54 sajka login: ROOT LOGIN ON tty2
> Mar 14 09:16:17 sajka login: LOGIN ON tty1 BY janina
> Mar 14 09:33:12 sajka login: LOGIN ON tty3 BY janina
> Mar 14 11:54:00 sajka login: ROOT LOGIN ON tty2
> Mar 14 12:52:19 sajka login: LOGIN ON tty1 BY janina
> Mar 14 13:12:40 sajka login: LOGIN ON tty3 BY janina
> Mar 14 17:50:24 sajka login: ROOT LOGIN ON tty2
> Mar 14 23:45:13 sajka login: ROOT LOGIN ON tty2
> Mar 14 23:48:17 sajka login: LOGIN ON tty1 BY janina
> Mar 15 00:01:38 sajka login: ROOT LOGIN ON tty2
> Mar 15 00:20:13 sajka login: ROOT LOGIN ON tty2
> Mar 15 08:51:04 sajka login: LOGIN ON tty1 BY janina
> Mar 15 09:06:43 sajka login: ROOT LOGIN ON tty2
> Mar 15 11:26:39 sajka login: LOGIN ON tty1 BY janina
> Mar 15 11:26:58 sajka login: ROOT LOGIN ON tty2
> Mar 15 11:38:50 sajka login: LOGIN ON tty3 BY janina
> Mar 15 13:51:26 sajka login: LOGIN ON tty5 BY janina
> Mar 15 14:40:35 sajka login: ROOT LOGIN ON tty4
> Mar 16 19:45:36 sajka in.telnetd[4798]: connect from 63.224.68.1
> Mar 16 19:45:52 sajka login: LOGIN ON 0 BY wacker FROM 63.224.68.1
> Mar 17 09:39:00 sajka login: ROOT LOGIN ON tty2
> Mar 17 09:47:39 sajka login: LOGIN ON tty1 BY janina
> Mar 17 09:57:16 sajka login: LOGIN ON tty3 BY janina
> Mar 17 14:26:39 sajka login: ROOT LOGIN ON tty2
> Mar 17 14:29:34 sajka login: LOGIN ON tty1 BY janina
> Mar 17 14:29:39 sajka in.ftpd[655]: connect from 151.200.20.29
> Mar 17 15:39:46 sajka login: LOGIN ON tty3 BY janina
> Mar 17 17:16:43 sajka in.ftpd[1116]: connect from 63.224.68.2
> Mar 19 11:35:31 sajka in.telnetd[5291]: connect from 208.36.95.171
> Mar 19 11:36:11 sajka in.telnetd[5294]: connect from 208.36.95.171
> Mar 19 11:36:21 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 19 12:02:51 sajka in.ftpd[5367]: connect from 208.36.95.171
> Mar 19 12:03:42 sajka in.telnetd[5369]: connect from 208.36.95.171
> Mar 19 12:04:00 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 19 12:05:45 sajka in.ftpd[5388]: connect from 208.36.95.171
> Mar 20 02:44:02 sajka in.ftpd[6704]: connect from 24.5.204.126
> Mar 20 10:08:39 sajka in.telnetd[7479]: connect from 208.36.95.171
> Mar 20 10:09:00 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 20 10:35:29 sajka in.telnetd[7541]: connect from 208.36.95.171
> Mar 20 10:35:57 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 18:46:05 sajka in.telnetd[10963]: connect from 208.36.95.171
> Mar 21 18:46:32 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 18:57:57 sajka in.ftpd[11010]: connect from 208.36.95.171
> Mar 21 22:14:09 sajka in.telnetd[11358]: connect from 208.36.95.171
> Mar 21 22:14:23 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 22:21:31 sajka in.ftpd[11386]: connect from 208.36.95.171
> Mar 21 23:22:40 sajka in.ftpd[11504]: connect from 208.36.95.171
> Mar 21 23:25:27 sajka in.telnetd[11508]: connect from 208.36.95.171
> Mar 21 23:25:43 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 22 01:21:34 sajka in.ftpd[11774]: connect from 208.36.95.171
> Mar 22 11:39:12 sajka in.telnetd[12797]: connect from 208.36.95.171
> Mar 22 11:39:27 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 22 11:49:58 sajka in.telnetd[12830]: connect from 208.36.95.171
> Mar 22 11:50:08 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 24 02:48:27 sajka in.telnetd[16851]: connect from 208.36.95.171
> Mar 24 02:48:41 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 24 20:09:55 sajka in.telnetd[18793]: connect from 166.102.116.151
> Mar 24 20:09:55 sajka imapd[18794]: refused connect from 166.102.116.151
> Mar 24 20:09:55 sajka ipop3d[18795]: connect from 166.102.116.151
> Mar 24 20:09:55 sajka ipop3d[18795]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Mar 24 20:09:55 sajka in.ftpd[18802]: connect from 166.102.116.151
> Mar 24 20:09:56 sajka in.telnetd[18809]: connect from 166.102.116.151
> Mar 24 20:10:02 sajka ipop3d[18813]: connect from 166.102.116.151
> Mar 24 20:10:02 sajka ipop3d[18813]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Mar 24 20:10:05 sajka imapd[18814]: refused connect from 166.102.116.151
> Mar 24 20:36:12 sajka in.telnetd[18876]: connect from 208.36.95.171
> Mar 24 20:36:28 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 27 01:24:55 sajka in.telnetd[24016]: connect from 208.36.95.171
> Mar 27 01:25:05 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 29 13:48:15 sajka in.telnetd[31048]: connect from 208.36.95.171
> Mar 29 13:48:34 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 30 00:36:36 sajka in.telnetd[32411]: connect from 208.36.95.171
> Mar 30 00:36:48 sajka login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Apr  1 11:41:54 sajka login: LOGIN ON tty1 BY janina
> Apr  1 12:26:49 sajka login: LOGIN ON tty3 BY janina
> Apr  1 14:06:21 sajka login: ROOT LOGIN ON tty2
> Apr  2 10:44:46 sajka login: ROOT LOGIN ON tty2
> Apr  2 11:10:18 sajka login: LOGIN ON tty1 BY janina
> Apr  2 11:17:44 sajka login: LOGIN ON tty3 BY janina
> Apr  2 14:35:35 sajka login: ROOT LOGIN ON tty4
> Apr  2 14:39:08 sajka login: ROOT LOGIN ON tty6
> Apr  2 15:57:55 sajka login: ROOT LOGIN ON tty1
> Apr  2 16:01:45 sajka login: LOGIN ON tty1 BY janina
> Apr  2 16:01:55 sajka login: ROOT LOGIN ON tty2
> Apr  2 16:05:33 sajka login: LOGIN ON tty3 BY janina
> Apr  2 16:33:56 sajka login: ROOT LOGIN ON tty4
> Apr  2 18:59:48 sajka login: LOGIN ON tty5 BY janina
> Apr  3 22:32:38 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:32:45 sajka login: ROOT LOGIN ON tty2
> Apr  3 22:39:55 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:40:00 sajka login: ROOT LOGIN ON tty2
> Apr  3 22:49:17 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:49:32 sajka login: ROOT LOGIN ON tty2
> Apr  4 09:59:28 sajka login: LOGIN ON tty3 BY janina
> Apr  4 10:42:12 sajka login: LOGIN ON tty1 BY janina
> Apr  4 10:42:20 sajka login: ROOT LOGIN ON tty2
> Apr  4 11:00:27 sajka login: ROOT LOGIN ON tty2
> Apr  4 11:31:07 sajka login: ROOT LOGIN ON tty1
> Apr  4 11:42:04 sajka login: ROOT LOGIN ON tty1
> Apr  4 11:55:03 sajka login: ROOT LOGIN ON tty1
> Apr  4 12:26:11 sajka login: ROOT LOGIN ON tty1
> Apr  4 13:13:07 sajka login: ROOT LOGIN ON tty1
> Apr  4 14:27:25 sajka login: LOGIN ON tty1 BY janina
> Apr  4 15:21:25 sajka login: ROOT LOGIN ON tty2
> Apr  4 16:04:16 sajka login: ROOT LOGIN ON tty4
> Apr  4 16:14:24 sajka login: LOGIN ON tty3 BY janina
> Apr  4 17:07:20 sajka login: LOGIN ON tty1 BY janina
> Apr  4 17:07:40 sajka login: ROOT LOGIN ON tty2
> Apr  4 17:18:27 sajka login: LOGIN ON tty3 BY janina
> Apr  4 17:22:18 sajka login: ROOT LOGIN ON tty4
> Apr  4 19:00:02 sajka login: LOGIN ON tty5 BY janina
> Apr  4 19:07:32 sajka login: ROOT LOGIN ON tty4
> Apr  4 19:54:41 sajka login: ROOT LOGIN ON tty2
> Apr  4 22:13:27 sajka login: ROOT LOGIN ON tty2
> Apr  5 08:47:17 sajka login: LOGIN ON tty1 BY janina
> Apr  5 08:47:28 sajka login: ROOT LOGIN ON tty2
> Apr  5 10:23:27 sajka login: LOGIN ON tty1 BY janina
> Apr  5 10:23:32 sajka login: ROOT LOGIN ON tty2
> Apr  5 13:15:52 sajka login: ROOT LOGIN ON tty4
> Apr  5 13:36:53 sajka login: LOGIN ON tty1 BY janina
> Apr  5 13:37:03 sajka login: ROOT LOGIN ON tty2
> Apr  5 13:39:06 sajka login: LOGIN ON tty3 BY janina
> Apr  5 13:40:10 sajka login: ROOT LOGIN ON tty4
> Apr  5 18:15:41 sajka login: ROOT LOGIN ON tty1
> Apr  5 18:31:45 sajka login: ROOT LOGIN ON tty1
> Apr  5 19:28:25 sajka login: ROOT LOGIN ON tty2
> Apr  5 19:45:50 sajka login: LOGIN ON tty1 BY janina
> Apr  5 21:23:25 sajka login: ROOT LOGIN ON tty1
> Apr  5 22:08:29 sajka login: ROOT LOGIN ON tty1
> Apr  5 22:47:32 sajka login: ROOT LOGIN ON tty1
> Apr  5 23:05:35 sajka login: ROOT LOGIN ON tty1
> Apr  6 01:06:24 sajka login: ROOT LOGIN ON tty1
> Apr  6 09:56:37 sajka login: ROOT LOGIN ON tty1
> Apr  6 11:00:59 sajka login: ROOT LOGIN ON tty1
> Apr  6 11:02:48 sajka login: LOGIN ON tty2 BY janina
> Apr  6 13:31:12 sajka login: ROOT LOGIN ON tty1
> Apr  6 14:09:19 sajka login: ROOT LOGIN ON tty2
> Apr  6 16:41:56 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:33:13 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:41:11 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:53:08 sajka login: ROOT LOGIN ON tty2
> Apr  6 23:16:54 sajka login: ROOT LOGIN ON tty1
> Apr  6 23:58:48 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:02:49 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:29:05 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:33:15 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:39:22 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:43:50 sajka login: LOGIN ON tty1 BY janina
> Apr  7 01:44:56 sajka login: ROOT LOGIN ON tty2
> Apr  7 09:56:48 sajka login: ROOT LOGIN ON tty2
> Apr  7 09:57:47 sajka login: LOGIN ON tty1 BY janina
> Apr  7 09:58:11 sajka login: ROOT LOGIN ON tty2
> Apr  7 10:04:15 sajka login: LOGIN ON tty1 BY janina
> Apr  7 10:05:37 sajka login: LOGIN ON tty1 BY janina
> Apr  7 10:07:38 sajka login: ROOT LOGIN ON tty2
> Apr  7 10:10:32 sajka login: LOGIN ON tty1 BY janina
> Apr  7 13:19:51 sajka login: ROOT LOGIN ON tty2
> Apr  7 13:22:26 sajka login: LOGIN ON tty1 BY janina
> Apr  7 16:23:09 sajka login: LOGIN ON tty3 BY janina
> Apr  7 16:26:39 sajka login: ROOT LOGIN ON tty2
> Apr  7 17:53:30 sajka login: ROOT LOGIN ON tty4
> Apr  7 18:39:54 sajka login: LOGIN ON tty1 BY janina
> Apr  7 18:40:21 sajka login: ROOT LOGIN ON tty2
> Apr  7 20:46:48 sajka in.telnetd[1401]: connect from 192.168.1.239
> Apr  7 22:45:53 sajka ipop3d[2234]: connect from 192.168.1.250
> Apr  7 22:45:53 sajka ipop3d[2234]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:45:58 sajka ipop3d[2235]: connect from 192.168.1.250
> Apr  7 22:45:58 sajka ipop3d[2235]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:46:03 sajka ipop3d[2237]: connect from 192.168.1.250
> Apr  7 22:46:03 sajka ipop3d[2237]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:08 sajka ipop3d[2264]: connect from 192.168.1.250
> Apr  7 22:51:08 sajka ipop3d[2264]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:13 sajka ipop3d[2265]: connect from 192.168.1.250
> Apr  7 22:51:13 sajka ipop3d[2265]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:18 sajka ipop3d[2266]: connect from 192.168.1.250
> Apr  7 22:51:18 sajka ipop3d[2266]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:23 sajka ipop3d[2405]: connect from 192.168.1.250
> Apr  7 22:56:23 sajka ipop3d[2405]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:28 sajka ipop3d[2406]: connect from 192.168.1.250
> Apr  7 22:56:28 sajka ipop3d[2406]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:33 sajka ipop3d[2407]: connect from 192.168.1.250
> Apr  7 22:56:33 sajka ipop3d[2407]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:38 sajka ipop3d[2432]: connect from 192.168.1.250
> Apr  7 23:01:38 sajka ipop3d[2432]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:43 sajka ipop3d[2433]: connect from 192.168.1.250
> Apr  7 23:01:43 sajka ipop3d[2433]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:48 sajka ipop3d[2434]: connect from 192.168.1.250
> Apr  7 23:01:48 sajka ipop3d[2434]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:06:53 sajka ipop3d[2441]: connect from 192.168.1.250
> Apr  7 23:06:53 sajka ipop3d[2441]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:06:58 sajka ipop3d[2442]: connect from 192.168.1.250
> Apr  7 23:06:58 sajka ipop3d[2442]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:07:03 sajka ipop3d[2443]: connect from 192.168.1.250
> Apr  7 23:07:03 sajka ipop3d[2443]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:08 sajka ipop3d[2461]: connect from 192.168.1.250
> Apr  7 23:12:08 sajka ipop3d[2461]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:13 sajka ipop3d[2463]: connect from 192.168.1.250
> Apr  7 23:12:13 sajka ipop3d[2463]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:18 sajka ipop3d[2464]: connect from 192.168.1.250
> Apr  7 23:12:18 sajka ipop3d[2464]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:23 sajka ipop3d[2492]: connect from 192.168.1.250
> Apr  7 23:17:23 sajka ipop3d[2492]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:28 sajka ipop3d[2493]: connect from 192.168.1.250
> Apr  7 23:17:28 sajka ipop3d[2493]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:33 sajka ipop3d[2494]: connect from 192.168.1.250
> Apr  7 23:17:33 sajka ipop3d[2494]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr  8 00:02:09 sajka login: LOGIN ON tty3 BY janina
> Apr  8 00:39:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  8 02:36:27 adsl-151-200-20-29 in.telnetd[1033]: connect from 208.166.24.190
> Apr  8 10:51:22 adsl-151-200-20-29 login: LOGIN ON tty1 BY janina
> Apr  8 11:39:21 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 11:39:45 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 11:51:11 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 11:59:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:05:51 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:07:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:40:56 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 13:20:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  8 13:29:21 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  8 16:34:18 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 16:48:36 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 17:06:34 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  9 15:46:59 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  9 17:01:02 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  9 17:01:23 adsl-151-200-20-29 in.telnetd[8511]: connect from 192.168.1.253
> Apr  9 17:18:07 isrd login: ROOT LOGIN ON tty2
> Apr  9 17:58:30 isrd login: LOGIN ON tty3 BY janina
> Apr  9 19:15:31 isrd in.telnetd[1315]: connect from 192.168.1.239
> Apr  9 19:18:17 isrd in.telnetd[1322]: connect from 192.168.1.239
> Apr  9 19:18:22 isrd login: LOGIN ON 0 BY janina FROM 192.168.1.239
> Apr  9 19:58:28 isrd login: ROOT LOGIN ON tty2
> Apr  9 20:25:06 isrd in.ftpd[1022]: connect from 192.168.1.239
> Apr  9 20:25:53 isrd in.ftpd[1023]: connect from 192.168.1.239
> Apr  9 20:35:36 isrd in.ftpd[1135]: connect from 192.168.1.239
> Apr  9 21:32:13 isrd in.ftpd[1699]: connect from 192.168.1.239
> Apr  9 21:33:46 isrd in.ftpd[1701]: connect from 192.168.1.239
> Apr  9 21:34:52 isrd in.ftpd[1703]: connect from 192.168.1.239
> Apr  9 21:46:05 isrd login: ROOT LOGIN ON tty2
> Apr  9 21:47:34 isrd in.ftpd[881]: connect from 208.36.95.171
> Apr  9 21:48:30 isrd login: ROOT LOGIN ON tty4
> Apr  9 21:50:15 isrd in.ftpd[909]: connect from 208.36.95.171
> Apr  9 21:57:00 isrd in.ftpd[991]: connect from 208.36.95.171
> Apr  9 22:02:33 isrd in.ftpd[1008]: connect from 192.168.1.239
> Apr  9 22:12:23 isrd login: ROOT LOGIN ON tty2
> Apr  9 22:43:05 isrd login: LOGIN ON tty1 BY janina
> Apr 10 10:18:03 isrd login: ROOT LOGIN ON tty2
> Apr 10 10:21:14 isrd login: LOGIN ON tty1 BY janina
> Apr 10 11:28:07 isrd login: LOGIN ON tty3 BY janina
> Apr 10 11:35:17 isrd login: LOGIN ON tty1 BY janina
> Apr 10 11:35:25 isrd login: ROOT LOGIN ON tty2
> Apr 10 11:38:27 isrd login: LOGIN ON tty3 BY janina
> Apr 10 11:44:55 isrd login: ROOT LOGIN ON tty4
> Apr 10 13:15:20 isrd login: ROOT LOGIN ON tty2
> Apr 10 13:22:39 isrd login: LOGIN ON tty1 BY janina
> Apr 10 13:25:16 isrd login: LOGIN ON tty3 BY janina
> Apr 10 13:38:26 isrd login: ROOT LOGIN ON tty4
> Apr 10 14:16:54 isrd login: LOGIN ON tty1 BY janina
> Apr 10 14:54:31 isrd login: LOGIN ON tty1 BY janina
> Apr 10 15:05:41 isrd login: LOGIN ON tty1 BY janina
> Apr 10 15:06:49 isrd login: ROOT LOGIN ON tty2
> Apr 10 15:12:39 isrd login: ROOT LOGIN ON tty2
> Apr 10 15:13:39 isrd login: ROOT LOGIN ON tty2
> Apr 10 16:17:08 isrd login: ROOT LOGIN ON tty4
> Apr 10 16:17:17 isrd login: LOGIN ON tty3 BY janina
> Apr 10 18:00:08 isrd login: ROOT LOGIN ON tty2
> Apr 10 18:27:18 isrd login: LOGIN ON tty1 BY janina
> Apr 10 18:53:23 isrd login: ROOT LOGIN ON tty2
> Apr 10 18:58:47 isrd login: LOGIN ON tty1 BY janina
> Apr 10 18:59:57 isrd login: LOGIN ON tty3 BY janina
> Apr 10 19:55:15 isrd login: ROOT LOGIN ON tty1
> Apr 10 22:30:26 isrd login: LOGIN ON tty1 BY janina
> Apr 10 22:30:58 isrd login: ROOT LOGIN ON tty2
> Apr 10 23:46:42 isrd login: LOGIN ON tty3 BY janina
> Apr 11 11:28:37 isrd login: LOGIN ON tty1 BY janina
> Apr 11 16:40:58 isrd login: ROOT LOGIN ON tty4
> Apr 11 18:34:27 isrd login: LOGIN ON tty5 BY janina
> Apr 11 19:13:20 isrd login: ROOT LOGIN ON tty2
> Apr 11 19:15:16 isrd login: LOGIN ON tty1 BY janina
> Apr 11 19:30:08 isrd in.telnetd[935]: connect from 208.36.95.171
> Apr 11 19:30:30 isrd login: LOGIN ON 0 BY janina FROM w171.z208036095.nyc-ny.dsl.cnc.net
> Apr 11 20:29:50 isrd in.telnetd[1194]: connect from 63.224.68.2
> Apr 11 20:36:56 isrd in.ftpd[1229]: connect from 192.168.1.239
> Apr 11 20:58:13 isrd login: ROOT LOGIN ON tty4
> Apr 11 20:59:38 isrd login: ROOT LOGIN ON tty4
> Apr 11 21:32:23 isrd login: ROOT LOGIN ON tty2
> Apr 11 21:36:47 isrd login: ROOT LOGIN ON tty2
> Apr 11 21:51:16 isrd login: ROOT LOGIN ON tty2
> Apr 11 22:12:26 isrd in.ftpd[1984]: connect from 192.168.1.239
> Apr 11 22:29:59 isrd in.ftpd[2004]: connect from 192.168.1.239
> Apr 11 22:50:37 isrd login: ROOT LOGIN ON tty4
> Apr 11 23:25:22 isrd login: LOGIN ON tty1 BY janina
> Apr 11 23:40:23 isrd ipop3d[2300]: connect from 151.200.19.201
> Apr 11 23:40:23 isrd ipop3d[2300]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Apr 11 23:40:23 isrd in.fingerd[2306]: connect from 151.200.19.201
> Apr 11 23:42:01 isrd in.ftpd[2363]: connect from 151.200.19.201
> Apr 11 23:42:24 isrd in.ftpd[2373]: connect from 151.200.19.201
>
> And another version of the facts, just the facts:
>
> Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump(): request from unauthorized host
> Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:45 isrd PAM-securetty[2377]: Error opening /etc/securetty
>
> And, finally:
>
> Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump(): request from unauthorized host
> Apr 12 03:40:51 isrd ftpd[2298]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], cis@security.check
> Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 12 03:40:51 isrd ftpd[2298]: FTP session closed
> Apr 12 03:42:01 isrd ftpd[2363]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
> Apr 12 03:42:24 isrd ftpd[2373]: ANONYMOUS FTP LOGIN FROM adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
> Apr 12 03:48:27 isrd ftpd[2373]: lost connection to adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 12 03:48:27 isrd ftpd[2373]: FTP session closed
>
> That's right. They came back four hours later to poke around in person via
> anonymous ftp. What did they want? How about a file with the net address
> for about a dozen time servers? <grin>
>
> Wed Apr 12 03:42:25 2000 1 adsl-151-200-19-201.bellatlantic.net 562 /home/ftp/pub/misc/ntp-servers.txt b _ o a IE40user@ ftp 0 * c
>
> So, if I'm crowing any, it's thanks to the great Bastille scripts. I would
> not have known enough to have plugged all of these holes myself yet. And,
> I'd be a very unhappy camper had I not used Bastille.
>
> Thanks, Peter, and the rest of ya'all. --
>
>                                 Janina Sajka, Director
>                                 Information Systems Research & Development
>                                 American Foundation for the Blind (AFB)
>
> janina@afb.net



^ permalink raw reply	[flat|nested] 4+ messages in thread
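The maillog excerpt quoted above can be triaged mechanically. The following is an added example, not part of the thread or of Bastille: it groups sendmail syslog lines by SMTP peer, attributes lines that carry no address through the sendmail PID and queue ID, and checks whether any delivered message came from a remote peer. The sample lines are constructed in the same format with placeholder host names and documentation addresses, and the category names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the sendmail 8 syslog format shown in the thread.
# Host names are placeholders; 192.0.2.0/24 is a documentation range.
SAMPLE_MAILLOG = """\
Apr 11 23:40:51 mx sendmail[2358]: NOQUEUE: probe.example.net [192.0.2.201]: vrfy root
Apr 11 23:40:51 mx sendmail[2359]: NOQUEUE: probe.example.net [192.0.2.201]: expn root
Apr 11 23:40:51 mx sendmail[2360]: NOQUEUE: probe.example.net [192.0.2.201]: expn decode
Apr 11 23:42:13 mx sendmail[2361]: XAA02361: ruleset=check_rcpt, arg1=<scan@scanner.example>, relay=probe.example.net [192.0.2.201], reject=551 we do not relay
Apr 11 23:42:13 mx sendmail[2361]: XAA02361: from=<cis@scanner.example>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=probe.example.net [192.0.2.201]
Apr 11 23:42:13 mx sendmail[2369]: XAA02369: setsender: |root: invalid or unparseable, received from probe.example.net [192.0.2.201]
Apr 11 23:42:13 mx sendmail[2368]: NOQUEUE: "wiz" command from probe.example.net [192.0.2.201] (192.0.2.201)
Apr 11 23:42:14 mx sendmail[2371]: XAA02371: |cisscan... Cannot mail directly to programs
Apr 11 23:42:14 mx sendmail[2371]: XAA02371: "debug" command from probe.example.net [192.0.2.201] (192.0.2.201)
Apr 11 23:42:14 mx sendmail[2371]: XAA02371: from=<scan@scanner.example>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=probe.example.net [192.0.2.201]
Apr 11 23:43:03 mx sendmail[2399]: XAA02399: from=root, size=42, class=0, pri=30042, nrcpts=1, msgid=<200004120343.XAA02399@mx.example>, relay=root@localhost
Apr 11 23:43:03 mx sendmail[2407]: XAA02399: to=operator, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
"""

# timestamp, host, sendmail PID, queue ID (or NOQUEUE), message text
LINE = re.compile(r'^(\w{3}\s+\d{1,2} [\d:]{8}) (\S+) sendmail\[(\d+)\]: ([^:\s]+): (.*)$')
PEER = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')

# First matching rule wins. Category names are this example's own labels.
RULES = [
    ("address-probe", re.compile(r'\]: (?:vrfy|expn) ', re.I)),
    ("bogus-command", re.compile(r'^"\w+" command from ')),
    ("relay-rejected", re.compile(r'ruleset=check_rcpt,.*reject=\d{3}')),
    ("bad-sender", re.compile(r'^setsender: .*invalid or unparseable')),
    ("program-address-rejected", re.compile(r'Cannot mail directly to programs')),
    ("delivered", re.compile(r'\bstat=Sent\b')),
    ("envelope", re.compile(r'^from=')),
]


def parse(text):
    """Parse maillog text into events and attribute each one to a source."""
    events, pid_peer, qid_peer = [], {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _host, pid, qid, msg = m.groups()
        kind = next((name for name, rx in RULES if rx.search(msg)), "other")
        peer = PEER.search(msg)
        ip = peer.group(1) if peer else None
        if ip:
            # One sendmail child serves one SMTP session, so its PID maps to
            # one peer. PIDs recycle, so only correlate within a short window.
            pid_peer.setdefault(pid, ip)
            if qid != "NOQUEUE":
                qid_peer.setdefault(qid, ip)
        events.append({"ts": ts, "pid": pid, "qid": qid, "kind": kind,
                       "ip": ip, "msg": msg})
    # Second pass: lines without an address inherit it from PID or queue ID.
    for ev in events:
        ev["source"] = (ev["ip"] or pid_peer.get(ev["pid"])
                        or qid_peer.get(ev["qid"]) or "local")
    return events


def summarize(events):
    """Count event categories per source address."""
    out = defaultdict(Counter)
    for ev in events:
        out[ev["source"]][ev["kind"]] += 1
    return {src: dict(counts) for src, counts in out.items()}


def remote_deliveries(events):
    """Queue IDs that were delivered and trace back to a remote peer."""
    return sorted({ev["qid"] for ev in events
                   if ev["kind"] == "delivered" and ev["source"] != "local"})


if __name__ == "__main__":
    evs = parse(SAMPLE_MAILLOG)
    for src, counts in summarize(evs).items():
        print(src, counts)
    print("delivered from remote peers:", remote_deliveries(evs) or "none")
```

On the sample, the only `stat=Sent` line belongs to a queue ID whose envelope came from `root@localhost`, so it is counted as local rather than attributed to the probing peer.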

* Re: Thanks to Bastille, I'm Still Alive
   Thanks to Bastille, I'm Still Alive Janina Sajka
   ` cpt.kirk
   ` wabe
@  ` Victor Tsaran
  2 siblings, 0 replies; 4+ messages in thread
From: Victor Tsaran @  UTC (permalink / raw)
  To: speakup

Yeah, it looks like these guys were trying to do a bit! Your first and very
simple trick is to disable as many unused system ports as possible, up to
1024. Better yet, go with a firewall.
Regards,
Vic

----- Original Message -----
From: "Janina Sajka" <janina@afb.net>
To: <ma-linux@tux.org>; <speakup@braille.uwo.ca>
Sent: Wednesday, April 12, 2000 9:05 PM
Subject: Thanks to Bastille, I'm Still Alive


> At least, I don't think my attacker managed to do much. Since I'm new
> enough to all of this, I'm posting the relevant snippets from some of my
> logs below. I can't imagine I would be in such shape had I not run
> Bastille a couple of months ago--even though I didn't take all of the
> advice in the Bastille scripts.
>
> I might not even have noticed the attack for awhile, had I not been on the
> system with Bill Acker and Frankie Carmickle on the phone with me. And,
> we'd just fixed my sendmail problem! Just in time to be attacked.
>
> First, and most important: What authority should I advise of this
> outrage? Who are the relevant gendarmes?
>
> Second, and least clear to me--Did they do any damage to my mail? Seems
> the relay request was canned, as was the request to root. But it looks to
> me like debug and stats commands were honored. What does that mean? Here's
> from maillog:
>
> Apr 11 23:40:51 isrd sendmail[2358]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: vrfy root
> Apr 11 23:40:51 isrd sendmail[2359]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn root
> Apr 11 23:40:51 isrd sendmail[2360]: NOQUEUE: adsl-151-200-19-201.bellatlantic.net [151.200.19.201]: expn decode
> Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: ruleset=check_rcpt, arg1=<scan@cerberus-infosec.co.uk>, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201], reject=551 we do not relay
> Apr 11 23:42:13 isrd sendmail[2361]: XAA02361: from=<cis@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: setsender: |root: invalid or unparseable, received from adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2369]: XAA02369: from=|root, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: |cisscan... Cannot mail directly to programs
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: from=<scan@cerberus-infosec.co.uk>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:43:03 isrd sendmail[2399]: XAA02399: from=root, size=42, class=0, pri=30042, nrcpts=1, msgid=<200004120343.XAA02399@adsl-151-200-20-29.bellatlantic.net>, relay=root@localhost
> Apr 11 23:43:03 isrd sendmail[2407]: XAA02399: to=isos, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, stat=Sent
>
>
> I now have the 151. zone in hosts.deny so don't expect to hear from this
> <expletive deleted> again--not from 151.200.19.201, at least. I think the
> other probes were repelled. Am I wrong? Here's some more log data:
>
> Mar  6 08:54:34 sajka login: LOGIN ON tty1 BY janina
> Mar  6 08:56:26 sajka login: ROOT LOGIN ON tty2
> Mar  6 15:10:07 sajka login: LOGIN ON tty3 BY janina
> Mar  7 06:54:54 sajka login: LOGIN ON tty1 BY janina
> Mar  7 06:55:04 sajka login: ROOT LOGIN ON tty2
> Mar  7 09:07:45 sajka login: LOGIN ON tty1 BY janina
> Mar  7 09:07:51 sajka login: ROOT LOGIN ON tty2
> Mar  7 12:14:45 sajka login: LOGIN ON tty3 BY janina
> Mar  7 13:54:46 sajka login: LOGIN ON tty1 BY janina
> Mar  7 13:54:53 sajka login: ROOT LOGIN ON tty2
> Mar  7 15:00:38 sajka login: LOGIN ON tty3 BY janina
> Mar  7 15:40:40 sajka login: LOGIN ON tty4 BY janina
> Mar  7 15:47:38 sajka login: LOGIN ON tty5 BY janina
> Mar  7 17:20:33 sajka in.ftpd[1238]: connect from 129.186.142.10
> Mar  7 17:23:09 sajka in.ftpd[1246]: connect from 129.186.142.10
> Mar  7 19:12:03 sajka login: ROOT LOGIN ON tty4
> Mar  7 19:42:41 sajka login: LOGIN ON tty1 BY janina
> Mar  7 19:48:20 sajka login: ROOT LOGIN ON tty2
> Mar  7 21:50:10 sajka login: LOGIN ON tty3 BY janina
> Mar  8 10:25:06 sajka in.ftpd[2083]: connect from 208.36.95.171
> Mar  8 16:28:43 sajka login: ROOT LOGIN ON tty4
> Mar  8 19:02:37 sajka login: LOGIN ON tty1 BY janina
> Mar  8 19:02:43 sajka login: ROOT LOGIN ON tty2
> Mar  8 19:50:53 sajka login: LOGIN ON tty3 BY janina
> Mar  8 19:55:29 sajka in.telnetd[997]: connect from 129.186.142.115
> Mar  8 19:55:53 sajka login: LOGIN ON 0 BY collins FROM gene4.cc.iastate.edu
> Mar  8 20:54:06 sajka login: ROOT LOGIN ON tty4
> Mar  8 20:54:51 sajka login: ROOT LOGIN ON tty6
> Mar  9 12:10:00 sajka login: ROOT LOGIN ON tty2
> Mar  9 12:14:44 sajka login: LOGIN ON tty1 BY janina
> Mar  9 12:49:07 sajka login: LOGIN ON tty3 BY janina
> Mar  9 14:05:17 sajka login: LOGIN ON tty5 BY janina
> Mar  9 15:02:26 sajka in.ftpd[1222]: connect from 208.36.95.171
> Mar  9 15:10:50 sajka in.ftpd[1245]: connect from 208.36.95.171
> Mar  9 15:22:22 sajka in.ftpd[1306]: connect from 208.36.95.171
> Mar  9 15:25:23 sajka in.ftpd[1313]: connect from 208.36.95.171
> Mar  9 15:28:12 sajka in.ftpd[1321]: connect from 208.36.95.171
> Mar  9 15:52:47 sajka login: ROOT LOGIN ON tty4
> Mar  9 19:16:38 sajka login: ROOT LOGIN ON tty2
> Mar  9 19:59:56 sajka login: LOGIN ON tty1 BY janina
> Mar  9 20:01:07 sajka in.telnetd[693]: refused connect from 208.36.95.171
> Mar  9 20:01:29 sajka in.ftpd[700]: refused connect from 208.36.95.171
> Mar  9 20:27:02 sajka login: LOGIN ON tty3 BY janina
> Mar 10 00:08:12 sajka login: LOGIN ON tty1 BY janina
> Mar 10 00:09:30 sajka in.telnetd[598]: connect from 208.36.95.171
> Mar 10 00:09:47 sajka login: LOGIN ON 0 BY janina FROM 208.36.95.171
> Mar 10 00:10:05 sajka in.ftpd[616]: connect from 208.36.95.171
> Mar 10 00:11:24 sajka login: ROOT LOGIN ON tty2
> Mar 10 01:20:20 sajka login: ROOT LOGIN ON tty4
> Mar 10 01:21:14 sajka login: ROOT LOGIN ON tty4
> Mar 10 01:24:16 sajka login: ROOT LOGIN ON tty4
> Mar 10 09:40:50 sajka login: LOGIN ON tty3 BY janina
> Mar 10 12:56:24 sajka login: LOGIN ON tty5 BY janina
> Mar 10 17:48:01 sajka login: ROOT LOGIN ON tty6
> Mar 10 18:11:19 sajka in.ftpd[3517]: connect from 63.224.68.2
> Mar 10 23:04:55 sajka login: ROOT LOGIN ON tty2
> Mar 11 11:46:09 sajka login: ROOT LOGIN ON tty2
> Mar 12 21:47:36 sajka login: ROOT LOGIN ON tty2
> Mar 12 21:56:09 sajka login: ROOT LOGIN ON tty4
> Mar 12 21:59:22 sajka login: ROOT LOGIN ON tty2
> Mar 12 22:00:02 sajka login: ROOT LOGIN ON tty2
> Mar 12 22:00:18 sajka login: LOGIN ON tty3 BY janina
> Mar 13 14:09:32 sajka login: LOGIN ON tty1 BY janina
> Mar 13 14:09:43 sajka login: ROOT LOGIN ON tty2
> Mar 13 15:22:58 sajka login: LOGIN ON tty3 BY janina
> Mar 13 15:50:40 sajka login: ROOT LOGIN ON tty2
> Mar 13 15:50:49 sajka login: LOGIN ON tty3 BY janina
> Mar 13 16:05:49 sajka login: LOGIN ON tty1 BY janina
> Mar 13 16:51:03 sajka login: ROOT LOGIN ON tty4
> Mar 13 17:08:33 sajka login: ROOT LOGIN ON tty2
> Mar 13 17:11:49 sajka login: ROOT LOGIN ON tty4
> Mar 13 17:13:21 sajka login: ROOT LOGIN ON tty2
> Mar 13 17:23:23 sajka login: LOGIN ON tty3 BY janina
> Mar 13 19:48:40 sajka login: ROOT LOGIN ON tty4
> Mar 13 20:04:42 sajka login: ROOT LOGIN ON tty2
> Mar 13 20:09:54 sajka login: LOGIN ON tty3 BY janina
> Mar 13 20:43:10 sajka login: LOGIN ON tty1 BY janina
> Mar 13 22:38:16 sajka login: ROOT LOGIN ON tty2
> Mar 13 22:45:48 sajka login: ROOT LOGIN ON tty2
> Mar 13 22:58:23 sajka login: LOGIN ON tty1 BY janina
> Mar 13 23:02:30 sajka login: LOGIN ON tty1 BY janina
> Mar 13 23:04:45 sajka login: ROOT LOGIN ON tty2
> Mar 13 23:14:27 sajka login: ROOT LOGIN ON tty4
> Mar 13 23:16:54 sajka login: ROOT LOGIN ON tty2
> Mar 14 09:16:17 sajka login: LOGIN ON tty1 BY janina
> Mar 14 09:33:12 sajka login: LOGIN ON tty3 BY janina
> Mar 14 11:54:00 sajka login: ROOT LOGIN ON tty2
> Mar 14 12:52:19 sajka login: LOGIN ON tty1 BY janina
> Mar 14 13:12:40 sajka login: LOGIN ON tty3 BY janina
> Mar 14 17:50:24 sajka login: ROOT LOGIN ON tty2
> Mar 14 23:45:13 sajka login: ROOT LOGIN ON tty2
> Mar 14 23:48:17 sajka login: LOGIN ON tty1 BY janina
> Mar 15 00:01:38 sajka login: ROOT LOGIN ON tty2
> Mar 15 00:20:13 sajka login: ROOT LOGIN ON tty2
> Mar 15 08:51:04 sajka login: LOGIN ON tty1 BY janina
> Mar 15 09:06:43 sajka login: ROOT LOGIN ON tty2
> Mar 15 11:26:39 sajka login: LOGIN ON tty1 BY janina
> Mar 15 11:26:58 sajka login: ROOT LOGIN ON tty2
> Mar 15 11:38:50 sajka login: LOGIN ON tty3 BY janina
> Mar 15 13:51:26 sajka login: LOGIN ON tty5 BY janina
> Mar 15 14:40:35 sajka login: ROOT LOGIN ON tty4
> Mar 16 19:45:36 sajka in.telnetd[4798]: connect from 63.224.68.1
> Mar 16 19:45:52 sajka login: LOGIN ON 0 BY wacker FROM 63.224.68.1
> Mar 17 09:39:00 sajka login: ROOT LOGIN ON tty2
> Mar 17 09:47:39 sajka login: LOGIN ON tty1 BY janina
> Mar 17 09:57:16 sajka login: LOGIN ON tty3 BY janina
> Mar 17 14:26:39 sajka login: ROOT LOGIN ON tty2
> Mar 17 14:29:34 sajka login: LOGIN ON tty1 BY janina
> Mar 17 14:29:39 sajka in.ftpd[655]: connect from 151.200.20.29
> Mar 17 15:39:46 sajka login: LOGIN ON tty3 BY janina
> Mar 17 17:16:43 sajka in.ftpd[1116]: connect from 63.224.68.2
> Mar 19 11:35:31 sajka in.telnetd[5291]: connect from 208.36.95.171
> Mar 19 11:36:11 sajka in.telnetd[5294]: connect from 208.36.95.171
> Mar 19 11:36:21 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 19 12:02:51 sajka in.ftpd[5367]: connect from 208.36.95.171
> Mar 19 12:03:42 sajka in.telnetd[5369]: connect from 208.36.95.171
> Mar 19 12:04:00 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 19 12:05:45 sajka in.ftpd[5388]: connect from 208.36.95.171
> Mar 20 02:44:02 sajka in.ftpd[6704]: connect from 24.5.204.126
> Mar 20 10:08:39 sajka in.telnetd[7479]: connect from 208.36.95.171
> Mar 20 10:09:00 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 20 10:35:29 sajka in.telnetd[7541]: connect from 208.36.95.171
> Mar 20 10:35:57 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 18:46:05 sajka in.telnetd[10963]: connect from 208.36.95.171
> Mar 21 18:46:32 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 18:57:57 sajka in.ftpd[11010]: connect from 208.36.95.171
> Mar 21 22:14:09 sajka in.telnetd[11358]: connect from 208.36.95.171
> Mar 21 22:14:23 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 21 22:21:31 sajka in.ftpd[11386]: connect from 208.36.95.171
> Mar 21 23:22:40 sajka in.ftpd[11504]: connect from 208.36.95.171
> Mar 21 23:25:27 sajka in.telnetd[11508]: connect from 208.36.95.171
> Mar 21 23:25:43 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 22 01:21:34 sajka in.ftpd[11774]: connect from 208.36.95.171
> Mar 22 11:39:12 sajka in.telnetd[12797]: connect from 208.36.95.171
> Mar 22 11:39:27 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 22 11:49:58 sajka in.telnetd[12830]: connect from 208.36.95.171
> Mar 22 11:50:08 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 24 02:48:27 sajka in.telnetd[16851]: connect from 208.36.95.171
> Mar 24 02:48:41 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 24 20:09:55 sajka in.telnetd[18793]: connect from 166.102.116.151
> Mar 24 20:09:55 sajka imapd[18794]: refused connect from 166.102.116.151
> Mar 24 20:09:55 sajka ipop3d[18795]: connect from 166.102.116.151
> Mar 24 20:09:55 sajka ipop3d[18795]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Mar 24 20:09:55 sajka in.ftpd[18802]: connect from 166.102.116.151
> Mar 24 20:09:56 sajka in.telnetd[18809]: connect from 166.102.116.151
> Mar 24 20:10:02 sajka ipop3d[18813]: connect from 166.102.116.151
> Mar 24 20:10:02 sajka ipop3d[18813]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Mar 24 20:10:05 sajka imapd[18814]: refused connect from 166.102.116.151
> Mar 24 20:36:12 sajka in.telnetd[18876]: connect from 208.36.95.171
> Mar 24 20:36:28 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 27 01:24:55 sajka in.telnetd[24016]: connect from 208.36.95.171
> Mar 27 01:25:05 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 29 13:48:15 sajka in.telnetd[31048]: connect from 208.36.95.171
> Mar 29 13:48:34 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Mar 30 00:36:36 sajka in.telnetd[32411]: connect from 208.36.95.171
> Mar 30 00:36:48 sajka login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Apr  1 11:41:54 sajka login: LOGIN ON tty1 BY janina
> Apr  1 12:26:49 sajka login: LOGIN ON tty3 BY janina
> Apr  1 14:06:21 sajka login: ROOT LOGIN ON tty2
> Apr  2 10:44:46 sajka login: ROOT LOGIN ON tty2
> Apr  2 11:10:18 sajka login: LOGIN ON tty1 BY janina
> Apr  2 11:17:44 sajka login: LOGIN ON tty3 BY janina
> Apr  2 14:35:35 sajka login: ROOT LOGIN ON tty4
> Apr  2 14:39:08 sajka login: ROOT LOGIN ON tty6
> Apr  2 15:57:55 sajka login: ROOT LOGIN ON tty1
> Apr  2 16:01:45 sajka login: LOGIN ON tty1 BY janina
> Apr  2 16:01:55 sajka login: ROOT LOGIN ON tty2
> Apr  2 16:05:33 sajka login: LOGIN ON tty3 BY janina
> Apr  2 16:33:56 sajka login: ROOT LOGIN ON tty4
> Apr  2 18:59:48 sajka login: LOGIN ON tty5 BY janina
> Apr  3 22:32:38 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:32:45 sajka login: ROOT LOGIN ON tty2
> Apr  3 22:39:55 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:40:00 sajka login: ROOT LOGIN ON tty2
> Apr  3 22:49:17 sajka login: LOGIN ON tty1 BY janina
> Apr  3 22:49:32 sajka login: ROOT LOGIN ON tty2
> Apr  4 09:59:28 sajka login: LOGIN ON tty3 BY janina
> Apr  4 10:42:12 sajka login: LOGIN ON tty1 BY janina
> Apr  4 10:42:20 sajka login: ROOT LOGIN ON tty2
> Apr  4 11:00:27 sajka login: ROOT LOGIN ON tty2
> Apr  4 11:31:07 sajka login: ROOT LOGIN ON tty1
> Apr  4 11:42:04 sajka login: ROOT LOGIN ON tty1
> Apr  4 11:55:03 sajka login: ROOT LOGIN ON tty1
> Apr  4 12:26:11 sajka login: ROOT LOGIN ON tty1
> Apr  4 13:13:07 sajka login: ROOT LOGIN ON tty1
> Apr  4 14:27:25 sajka login: LOGIN ON tty1 BY janina
> Apr  4 15:21:25 sajka login: ROOT LOGIN ON tty2
> Apr  4 16:04:16 sajka login: ROOT LOGIN ON tty4
> Apr  4 16:14:24 sajka login: LOGIN ON tty3 BY janina
> Apr  4 17:07:20 sajka login: LOGIN ON tty1 BY janina
> Apr  4 17:07:40 sajka login: ROOT LOGIN ON tty2
> Apr  4 17:18:27 sajka login: LOGIN ON tty3 BY janina
> Apr  4 17:22:18 sajka login: ROOT LOGIN ON tty4
> Apr  4 19:00:02 sajka login: LOGIN ON tty5 BY janina
> Apr  4 19:07:32 sajka login: ROOT LOGIN ON tty4
> Apr  4 19:54:41 sajka login: ROOT LOGIN ON tty2
> Apr  4 22:13:27 sajka login: ROOT LOGIN ON tty2
> Apr  5 08:47:17 sajka login: LOGIN ON tty1 BY janina
> Apr  5 08:47:28 sajka login: ROOT LOGIN ON tty2
> Apr  5 10:23:27 sajka login: LOGIN ON tty1 BY janina
> Apr  5 10:23:32 sajka login: ROOT LOGIN ON tty2
> Apr  5 13:15:52 sajka login: ROOT LOGIN ON tty4
> Apr  5 13:36:53 sajka login: LOGIN ON tty1 BY janina
> Apr  5 13:37:03 sajka login: ROOT LOGIN ON tty2
> Apr  5 13:39:06 sajka login: LOGIN ON tty3 BY janina
> Apr  5 13:40:10 sajka login: ROOT LOGIN ON tty4
> Apr  5 18:15:41 sajka login: ROOT LOGIN ON tty1
> Apr  5 18:31:45 sajka login: ROOT LOGIN ON tty1
> Apr  5 19:28:25 sajka login: ROOT LOGIN ON tty2
> Apr  5 19:45:50 sajka login: LOGIN ON tty1 BY janina
> Apr  5 21:23:25 sajka login: ROOT LOGIN ON tty1
> Apr  5 22:08:29 sajka login: ROOT LOGIN ON tty1
> Apr  5 22:47:32 sajka login: ROOT LOGIN ON tty1
> Apr  5 23:05:35 sajka login: ROOT LOGIN ON tty1
> Apr  6 01:06:24 sajka login: ROOT LOGIN ON tty1
> Apr  6 09:56:37 sajka login: ROOT LOGIN ON tty1
> Apr  6 11:00:59 sajka login: ROOT LOGIN ON tty1
> Apr  6 11:02:48 sajka login: LOGIN ON tty2 BY janina
> Apr  6 13:31:12 sajka login: ROOT LOGIN ON tty1
> Apr  6 14:09:19 sajka login: ROOT LOGIN ON tty2
> Apr  6 16:41:56 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:33:13 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:41:11 sajka login: ROOT LOGIN ON tty1
> Apr  6 20:53:08 sajka login: ROOT LOGIN ON tty2
> Apr  6 23:16:54 sajka login: ROOT LOGIN ON tty1
> Apr  6 23:58:48 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:02:49 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:29:05 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:33:15 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:39:22 sajka login: ROOT LOGIN ON tty1
> Apr  7 01:43:50 sajka login: LOGIN ON tty1 BY janina
> Apr  7 01:44:56 sajka login: ROOT LOGIN ON tty2
> Apr  7 09:56:48 sajka login: ROOT LOGIN ON tty2
> Apr  7 09:57:47 sajka login: LOGIN ON tty1 BY janina
> Apr  7 09:58:11 sajka login: ROOT LOGIN ON tty2
> Apr  7 10:04:15 sajka login: LOGIN ON tty1 BY janina
> Apr  7 10:05:37 sajka login: LOGIN ON tty1 BY janina
> Apr  7 10:07:38 sajka login: ROOT LOGIN ON tty2
> Apr  7 10:10:32 sajka login: LOGIN ON tty1 BY janina
> Apr  7 13:19:51 sajka login: ROOT LOGIN ON tty2
> Apr  7 13:22:26 sajka login: LOGIN ON tty1 BY janina
> Apr  7 16:23:09 sajka login: LOGIN ON tty3 BY janina
> Apr  7 16:26:39 sajka login: ROOT LOGIN ON tty2
> Apr  7 17:53:30 sajka login: ROOT LOGIN ON tty4
> Apr  7 18:39:54 sajka login: LOGIN ON tty1 BY janina
> Apr  7 18:40:21 sajka login: ROOT LOGIN ON tty2
> Apr  7 20:46:48 sajka in.telnetd[1401]: connect from 192.168.1.239
> Apr  7 22:45:53 sajka ipop3d[2234]: connect from 192.168.1.250
> Apr  7 22:45:53 sajka ipop3d[2234]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:45:58 sajka ipop3d[2235]: connect from 192.168.1.250
> Apr  7 22:45:58 sajka ipop3d[2235]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:46:03 sajka ipop3d[2237]: connect from 192.168.1.250
> Apr  7 22:46:03 sajka ipop3d[2237]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:08 sajka ipop3d[2264]: connect from 192.168.1.250
> Apr  7 22:51:08 sajka ipop3d[2264]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:13 sajka ipop3d[2265]: connect from 192.168.1.250
> Apr  7 22:51:13 sajka ipop3d[2265]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:51:18 sajka ipop3d[2266]: connect from 192.168.1.250
> Apr  7 22:51:18 sajka ipop3d[2266]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:23 sajka ipop3d[2405]: connect from 192.168.1.250
> Apr  7 22:56:23 sajka ipop3d[2405]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:28 sajka ipop3d[2406]: connect from 192.168.1.250
> Apr  7 22:56:28 sajka ipop3d[2406]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 22:56:33 sajka ipop3d[2407]: connect from 192.168.1.250
> Apr  7 22:56:33 sajka ipop3d[2407]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:38 sajka ipop3d[2432]: connect from 192.168.1.250
> Apr  7 23:01:38 sajka ipop3d[2432]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:43 sajka ipop3d[2433]: connect from 192.168.1.250
> Apr  7 23:01:43 sajka ipop3d[2433]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:01:48 sajka ipop3d[2434]: connect from 192.168.1.250
> Apr  7 23:01:48 sajka ipop3d[2434]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:06:53 sajka ipop3d[2441]: connect from 192.168.1.250
> Apr  7 23:06:53 sajka ipop3d[2441]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:06:58 sajka ipop3d[2442]: connect from 192.168.1.250
> Apr  7 23:06:58 sajka ipop3d[2442]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:07:03 sajka ipop3d[2443]: connect from 192.168.1.250
> Apr  7 23:07:03 sajka ipop3d[2443]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:08 sajka ipop3d[2461]: connect from 192.168.1.250
> Apr  7 23:12:08 sajka ipop3d[2461]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:13 sajka ipop3d[2463]: connect from 192.168.1.250
> Apr  7 23:12:13 sajka ipop3d[2463]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:12:18 sajka ipop3d[2464]: connect from 192.168.1.250
> Apr  7 23:12:18 sajka ipop3d[2464]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:23 sajka ipop3d[2492]: connect from 192.168.1.250
> Apr  7 23:17:23 sajka ipop3d[2492]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:28 sajka ipop3d[2493]: connect from 192.168.1.250
> Apr  7 23:17:28 sajka ipop3d[2493]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  7 23:17:33 sajka ipop3d[2494]: connect from 192.168.1.250
> Apr  7 23:17:33 sajka ipop3d[2494]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
> Apr  8 00:02:09 sajka login: LOGIN ON tty3 BY janina
> Apr  8 00:39:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  8 02:36:27 adsl-151-200-20-29 in.telnetd[1033]: connect from
208.166.24.190
> Apr  8 10:51:22 adsl-151-200-20-29 login: LOGIN ON tty1 BY janina
> Apr  8 11:39:21 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 11:39:45 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 11:51:11 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 11:59:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:05:51 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:07:26 adsl-151-200-20-29 login: LOGIN ON tty3 BY janina
> Apr  8 12:40:56 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 13:20:49 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  8 13:29:21 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  8 16:34:18 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 16:48:36 adsl-151-200-20-29 login: ROOT LOGIN ON tty2
> Apr  8 17:06:34 adsl-151-200-20-29 login: ROOT LOGIN ON tty4
> Apr  9 15:46:59 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  9 17:01:02 adsl-151-200-20-29 login: ROOT LOGIN ON tty1
> Apr  9 17:01:23 adsl-151-200-20-29 in.telnetd[8511]: connect from
192.168.1.253
> Apr  9 17:18:07 isrd login: ROOT LOGIN ON tty2
> Apr  9 17:58:30 isrd login: LOGIN ON tty3 BY janina
> Apr  9 19:15:31 isrd in.telnetd[1315]: connect from 192.168.1.239
> Apr  9 19:18:17 isrd in.telnetd[1322]: connect from 192.168.1.239
> Apr  9 19:18:22 isrd login: LOGIN ON 0 BY janina FROM 192.168.1.239
> Apr  9 19:58:28 isrd login: ROOT LOGIN ON tty2
> Apr  9 20:25:06 isrd in.ftpd[1022]: connect from 192.168.1.239
> Apr  9 20:25:53 isrd in.ftpd[1023]: connect from 192.168.1.239
> Apr  9 20:35:36 isrd in.ftpd[1135]: connect from 192.168.1.239
> Apr  9 21:32:13 isrd in.ftpd[1699]: connect from 192.168.1.239
> Apr  9 21:33:46 isrd in.ftpd[1701]: connect from 192.168.1.239
> Apr  9 21:34:52 isrd in.ftpd[1703]: connect from 192.168.1.239
> Apr  9 21:46:05 isrd login: ROOT LOGIN ON tty2
> Apr  9 21:47:34 isrd in.ftpd[881]: connect from 208.36.95.171
> Apr  9 21:48:30 isrd login: ROOT LOGIN ON tty4
> Apr  9 21:50:15 isrd in.ftpd[909]: connect from 208.36.95.171
> Apr  9 21:57:00 isrd in.ftpd[991]: connect from 208.36.95.171
> Apr  9 22:02:33 isrd in.ftpd[1008]: connect from 192.168.1.239
> Apr  9 22:12:23 isrd login: ROOT LOGIN ON tty2
> Apr  9 22:43:05 isrd login: LOGIN ON tty1 BY janina
> Apr 10 10:18:03 isrd login: ROOT LOGIN ON tty2
> Apr 10 10:21:14 isrd login: LOGIN ON tty1 BY janina
> Apr 10 11:28:07 isrd login: LOGIN ON tty3 BY janina
> Apr 10 11:35:17 isrd login: LOGIN ON tty1 BY janina
> Apr 10 11:35:25 isrd login: ROOT LOGIN ON tty2
> Apr 10 11:38:27 isrd login: LOGIN ON tty3 BY janina
> Apr 10 11:44:55 isrd login: ROOT LOGIN ON tty4
> Apr 10 13:15:20 isrd login: ROOT LOGIN ON tty2
> Apr 10 13:22:39 isrd login: LOGIN ON tty1 BY janina
> Apr 10 13:25:16 isrd login: LOGIN ON tty3 BY janina
> Apr 10 13:38:26 isrd login: ROOT LOGIN ON tty4
> Apr 10 14:16:54 isrd login: LOGIN ON tty1 BY janina
> Apr 10 14:54:31 isrd login: LOGIN ON tty1 BY janina
> Apr 10 15:05:41 isrd login: LOGIN ON tty1 BY janina
> Apr 10 15:06:49 isrd login: ROOT LOGIN ON tty2
> Apr 10 15:12:39 isrd login: ROOT LOGIN ON tty2
> Apr 10 15:13:39 isrd login: ROOT LOGIN ON tty2
> Apr 10 16:17:08 isrd login: ROOT LOGIN ON tty4
> Apr 10 16:17:17 isrd login: LOGIN ON tty3 BY janina
> Apr 10 18:00:08 isrd login: ROOT LOGIN ON tty2
> Apr 10 18:27:18 isrd login: LOGIN ON tty1 BY janina
> Apr 10 18:53:23 isrd login: ROOT LOGIN ON tty2
> Apr 10 18:58:47 isrd login: LOGIN ON tty1 BY janina
> Apr 10 18:59:57 isrd login: LOGIN ON tty3 BY janina
> Apr 10 19:55:15 isrd login: ROOT LOGIN ON tty1
> Apr 10 22:30:26 isrd login: LOGIN ON tty1 BY janina
> Apr 10 22:30:58 isrd login: ROOT LOGIN ON tty2
> Apr 10 23:46:42 isrd login: LOGIN ON tty3 BY janina
> Apr 11 11:28:37 isrd login: LOGIN ON tty1 BY janina
> Apr 11 16:40:58 isrd login: ROOT LOGIN ON tty4
> Apr 11 18:34:27 isrd login: LOGIN ON tty5 BY janina
> Apr 11 19:13:20 isrd login: ROOT LOGIN ON tty2
> Apr 11 19:15:16 isrd login: LOGIN ON tty1 BY janina
> Apr 11 19:30:08 isrd in.telnetd[935]: connect from 208.36.95.171
> Apr 11 19:30:30 isrd login: LOGIN ON 0 BY janina FROM
w171.z208036095.nyc-ny.dsl.cnc.net
> Apr 11 20:29:50 isrd in.telnetd[1194]: connect from 63.224.68.2
> Apr 11 20:36:56 isrd in.ftpd[1229]: connect from 192.168.1.239
> Apr 11 20:58:13 isrd login: ROOT LOGIN ON tty4
> Apr 11 20:59:38 isrd login: ROOT LOGIN ON tty4
> Apr 11 21:32:23 isrd login: ROOT LOGIN ON tty2
> Apr 11 21:36:47 isrd login: ROOT LOGIN ON tty2
> Apr 11 21:51:16 isrd login: ROOT LOGIN ON tty2
> Apr 11 22:12:26 isrd in.ftpd[1984]: connect from 192.168.1.239
> Apr 11 22:29:59 isrd in.ftpd[2004]: connect from 192.168.1.239
> Apr 11 22:50:37 isrd login: ROOT LOGIN ON tty4
> Apr 11 23:25:22 isrd login: LOGIN ON tty1 BY janina
> Apr 11 23:40:23 isrd ipop3d[2300]: connect from 151.200.19.201
> Apr 11 23:40:23 isrd ipop3d[2300]: error: cannot execute /usr/sbin/ipop3d:
No such file or directory
> Apr 11 23:40:23 isrd in.fingerd[2306]: connect from 151.200.19.201
> Apr 11 23:42:01 isrd in.ftpd[2363]: connect from 151.200.19.201
> Apr 11 23:42:24 isrd in.ftpd[2373]: connect from 151.200.19.201
>
>
> And another version of the facts, just the facts:
>
> Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump():
request from unauthorized host
> Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from
adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 11 23:42:13 isrd sendmail[2368]: NOQUEUE: "wiz" command from
adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:14 isrd sendmail[2371]: XAA02371: "debug" command from
adsl-151-200-19-201.bellatlantic.net [151.200.19.201] (151.200.19.201)
> Apr 11 23:42:45 isrd PAM-securetty[2377]: Error opening /etc/securetty
>
> And, finally:
>
> Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump():
request from unauthorized host
> Apr 12 03:40:51 isrd ftpd[2298]: ANONYMOUS FTP LOGIN FROM
adsl-151-200-19-201.bellatlantic.net [151.200.19.201], cis@security.check
> Apr 12 03:40:51 isrd ftpd[2298]: refused PORT 199.199.199.199,2570 from
adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 12 03:40:51 isrd ftpd[2298]: FTP session closed
> Apr 12 03:42:01 isrd ftpd[2363]: ANONYMOUS FTP LOGIN FROM
adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
> Apr 12 03:42:24 isrd ftpd[2373]: ANONYMOUS FTP LOGIN FROM
adsl-151-200-19-201.bellatlantic.net [151.200.19.201], IE40user@
> Apr 12 03:48:27 isrd ftpd[2373]: lost connection to
adsl-151-200-19-201.bellatlantic.net [151.200.19.201]
> Apr 12 03:48:27 isrd ftpd[2373]: FTP session closed
>
> That's right. They came back four hours later to poke around in person via
> anonymous ftp. What did they want? How about a file with the net address
> for about a dozen time servers? <grin>
>
> Wed Apr 12 03:42:25 2000 1 adsl-151-200-19-201.bellatlantic.net 562
/home/ftp/pub/misc/ntp-servers.txt b _ o a IE40user@ ftp 0 * c
>
> So, if I'm crowing any, it's thanks to the great Bastille scripts. I would
> not have known enough to have plugged all of these holes myself yet. And,
> I'd be a very unhappy camper had I not used Bastille.
>
> Thanks, Peter, and the rest of ya'all. --
>
> Janina Sajka, Director
> Information Systems Research & Development
> American Foundation for the Blind (AFB)
>
> janina@afb.net
>

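One way to triage a wrapper log like the one quoted above, as an added example that is not part of the original thread: it re-joins mail-wrapped entries, then reports every source address that touched several distinct inetd services within a short window. The function names, the five-minute window and the three-service threshold are assumptions made for this sketch; the year 2000 comes from the xferlog line in the message, and the sample lines are copied from the quoted log with the quote markers removed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the quoted log above ("> " markers removed). Two entries
# are left wrapped the way the mail client wrapped them.
SAMPLE = """\
Mar 19 12:02:51 sajka in.ftpd[5367]: connect from 208.36.95.171
Mar 19 12:03:42 sajka in.telnetd[5369]: connect from 208.36.95.171
Mar 24 20:09:55 sajka in.telnetd[18793]: connect from 166.102.116.151
Mar 24 20:09:55 sajka imapd[18794]: refused connect from 166.102.116.151
Mar 24 20:09:55 sajka ipop3d[18795]: connect from 166.102.116.151
Mar 24 20:09:55 sajka ipop3d[18795]: error: cannot execute
/usr/sbin/ipop3d: No such file or directory
Mar 24 20:09:55 sajka in.ftpd[18802]: connect from 166.102.116.151
Apr  7 22:45:53 sajka ipop3d[2234]: connect from 192.168.1.250
Apr  7 22:45:58 sajka ipop3d[2235]: connect from 192.168.1.250
Apr 11 23:40:23 isrd ipop3d[2300]: connect from 151.200.19.201
Apr 11 23:40:23 isrd in.fingerd[2306]: connect from 151.200.19.201
Apr 11 23:40:23 isrd portmap[2303]: connect from 151.200.19.201 to dump():
request from unauthorized host
Apr 11 23:42:01 isrd in.ftpd[2363]: connect from 151.200.19.201
"""

TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s")
ENTRY = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s(?P<time>\d\d:\d\d:\d\d)\s"
    r"(?P<host>\S+)\s(?P<svc>[^\s\[:]+)(?:\[\d+\])?:\s(?P<msg>.*)$")
CONNECT = re.compile(r"^(?P<refused>refused )?connect from (?P<src>\S+)")


def unfold(text):
    """Strip mail quote markers and glue wrapped continuation lines back on."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).rstrip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:                       # no timestamp: continuation of the entry
            records[-1] += " " + line
    return records


def parse(text, year=2000):
    """Yield one event per 'connect from' / 'refused connect from' entry."""
    for rec in unfold(text):
        m = ENTRY.match(rec)
        c = CONNECT.match(m["msg"]) if m else None
        if not c:
            continue
        stamp = f"{year} {m['mon']} {int(m['day']):02d} {m['time']}"
        yield {"ts": datetime.strptime(stamp, "%Y %b %d %H:%M:%S"),
               "svc": m["svc"], "src": c["src"],
               "refused": bool(c["refused"])}


def multi_service_sources(text, window=timedelta(minutes=5),
                          min_services=3, year=2000):
    """Map each source that hit >= min_services services inside one window."""
    by_src = defaultdict(list)
    for ev in parse(text, year):
        by_src[ev["src"]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            services = sorted({e["svc"] for e in in_win})
            if len(services) >= min_services:
                findings[src] = {"start": first["ts"], "services": services,
                                 "refused": sum(e["refused"] for e in in_win)}
                break
    return findings


if __name__ == "__main__":
    for src, hit in multi_service_sources(SAMPLE).items():
        print(src, hit["start"], ", ".join(hit["services"]),
              f"refused={hit['refused']}")
```

A source that only uses telnet and FTP, or that retries a single service, stays below the threshold; a log spanning a year boundary needs the year supplied per file.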

