[NCLUG] FW: strange message sent to root
mike cullerton
michaelc at cullerton.com
Mon Feb 26 17:01:42 MST 2001
on 2/26/01 10:18 AM, Michael Dwyer at mdwyer at sixthdimension.com wrote:
>> hey folks, i just got about 20 of these messages in about 5 seconds.
> anyone
>> know what's going on here? this is a slackware 7.1 system.
>
>> [211.118.21.87]
>> No one logged on.
>
> I've never seen anything like that before on a Slack system. Check the
> system logs (/var/log/messges) for any further mail traces. Also, check the
> crontabs (crontab -l <username>) to see if there is a timed event causing
> these. It LOOKS like it was
> sent local-to-local, so it is likely from your local machine. You you
> recently install
> some intrusion detection software?
haven't installed anything new lately. in fact, the last couple months i've
been spending most of my free time learning as much as i can about my system
and how it works. there isn't much going on in my box. i went thru the logs
with my boss today and nothing stands out.
and, i got 44 more of these this morning between 3:48 and 4:21. different ip
address (212.17.69.221), but all 44 had the same ip address. i traced to it
and it exists.
wierd... especially that there's no real clue as to where/what they come
from.
-- mike cullerton
More information about the NCLUG
mailing list