 What are these log entries?
I've never seen this before.  Anyone know what may be causing this?

Thanks.

Feb 13 17:37:29 C287853-A kernel: Packet log: input DENY eth0 PROTO=6
24.12.247.8:3747 24.1.27.58:27374 L=44 S=0x00 I=50722 F=0x4000 T=28 SYN
(#113)
Feb 13 17:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 17:40:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 17:40:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 17:40:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 17:40:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 17:40:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 17:50:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 17:50:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 17:50:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 17:50:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 17:50:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 17:50:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:00:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:00:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:00:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:00:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:00:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:00:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:10:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:10:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:10:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:10:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:10:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:10:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:20:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:20:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:20:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:20:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:20:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:20:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:30:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:30:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:30:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:30:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:30:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:30:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:40:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:40:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:40:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:40:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:40:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 18:50:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 18:50:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 18:50:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 18:50:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 18:50:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 18:50:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:00:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:00:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:00:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:00:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:00:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:00:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:10:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:10:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:10:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:10:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:10:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:10:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:20:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:20:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:20:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:20:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:20:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:20:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:30:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:30:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:30:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:30:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:30:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:30:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:40:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:40:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:40:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:40:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:40:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:50:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 19:50:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 19:50:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 19:50:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 19:50:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 19:50:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:57:16 C287853-A kernel: Packet log: input DENY eth0 PROTO=6
134.114.120.31:3986 24.1.27.58:1243 L=48 S=0x00 I=39728 F=0x4000 T=113 SYN
(#113)
Feb 13 20:00:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:00:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:00:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:00:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:00:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:00:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 20:10:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:10:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:10:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:10:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:10:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:10:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 20:20:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:20:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:20:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:20:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:20:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:20:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 20:30:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:30:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:30:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:30:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:30:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:30:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 20:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:40:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:40:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:40:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:40:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:40:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 20:50:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 20:50:15 C287853-A inetd[12879]: auth/tcp: bind: Address already in
use
Feb 13 20:50:15 C287853-A inetd[12879]: imap2/tcp: bind: Address already in
use
Feb 13 20:50:15 C287853-A inetd[12879]: pop3/tcp: bind: Address already in
use
Feb 13 20:50:15 C287853-A inetd[12879]: telnet/tcp: bind: Address already in
use
Feb 13 20:50:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
...




 Fri, 02 Aug 2002 03:00:00 GMT   
 What are these log entries?
Looks like Sub7 probe/connection attempts from a Washington area
@home account and from Northern Arizona University.

Ports 1243 and 27374 are definitely default ports for
two different versions of the Sub7 trojan horse, which only works
against Win98/NT(?) machines infected with the trojan client.

I get probes for these two ports almost daily.

This one is from a fellow @home user (24.12.247.8).  Pass your logs on to
ab...@home.com, as portscanning and unauthorized access to
remote systems is a violation of @home's AUP.

from http://www.home.com/support/aup/

"The Services may not be used to breach the security of another user or to
attempt to gain access to any other person's computer, software or data,
without the knowledge and consent of such person. They also may not be used
in any attempt to circumvent the user authentication or security of any
host, network, or account. This includes, but is not limited to, accessing
data not intended for you, logging into or making use of a server or account
you are not expressly authorized to access, or probing the security of other
networks. Use or distribution of tools designed for compromising security,
such as password guessing programs, cracking tools, packet sniffers or
network probing tools, is prohibited. "

====

For this one from 134.114.120.31, contact Chris.Mich...@NAU.EDU

Northern Arizona University (NET-NAU-NET)
   Flagstaff, AZ 86011

   Netname: NAU-NET
   Netnumber: 134.114.0.0

   Coordinator:
      Michels, Chris V  (CVM-ARIN)  Chris.Mich...@NAU.EDU
      (520) 523-6495

..... if you wish to report this activity.

Not sure about these:
Feb 13 17:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use

Don



 Fri, 02 Aug 2002 03:00:00 GMT   
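
Added example, not part of either post: a small triage script for a log like the one above. It re-joins the wrapped syslog records, parses the ipchains "Packet log:" lines, flags denied packets aimed at the two ports the reply names, and counts the inetd bind errors per service. The function names and the SAMPLE excerpt (lines copied from the first post) are this example's own choices.

```python
import re
from collections import Counter

SUB7_PORTS = {1243, 27374}  # the two default ports named in the reply above
TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PACKET_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<rest>.*)\(#(?P<rule>\d+)\)")
INETD_RE = re.compile(
    r"inetd\[\d+\]: (?P<svc>\S+)/(?:tcp|udp): bind: Address already in use")

# Excerpt of the log from the first post, still wrapped as it was posted.
SAMPLE = """\
Feb 13 17:37:29 C287853-A kernel: Packet log: input DENY eth0 PROTO=6
24.12.247.8:3747 24.1.27.58:27374 L=44 S=0x00 I=50722 F=0x4000 T=28 SYN
(#113)
Feb 13 17:40:15 C287853-A inetd[12879]: linuxconf/tcp: bind: Address already
in use
Feb 13 17:40:15 C287853-A inetd[12879]: ftp/tcp: bind: Address already in
use
Feb 13 19:57:16 C287853-A kernel: Packet log: input DENY eth0 PROTO=6
134.114.120.31:3986 24.1.27.58:1243 L=48 S=0x00 I=39728 F=0x4000 T=113 SYN
(#113)
"""

def unwrap(text):
    """Re-join syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS_RE.match(line) or not records:
            records.append(line)       # a timestamp starts a new record
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def triage(text):
    """Return (denied-packet records, per-service count of inetd bind errors)."""
    probes, bind_errors = [], Counter()
    for rec in unwrap(text):
        pkt, bind = PACKET_RE.search(rec), INETD_RE.search(rec)
        if pkt:
            dport = int(pkt["dport"])
            probes.append({"src": pkt["src"], "dport": dport,
                           "action": pkt["action"],
                           "syn": "SYN" in pkt["rest"].split(),
                           "sub7_port": dport in SUB7_PORTS})
        elif bind:
            bind_errors[bind["svc"]] += 1
    return probes, bind_errors
```

Calling `triage()` on the full log text returns one dictionary per logged packet plus a `Counter` of bind errors keyed by service name.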
 