syslog

Posted on 2003-10-21
Last Modified: 2007-12-19
What does this mean (copied from the syslog on a Unix server)?
Oct 20 23:29:05 syracuse fct_nbsd[19761]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_nbsd[20167]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: fct_smbd -n MY-I8XBLGBF5K3B
Oct 21 00:54:58 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: Connection reset by client
Oct 21 04:44:24 syracuse fct_vtpd[27944]: receiver exiting because of Sender exit
Oct 21 04:44:24 syracuse fct_vtpd[27940]: facetwin vtp: Program exit.

Was my server accessed by 67.124.137.93?
 What is a good nslookup program?
Thanks
Question by:eliallen
6 Comments
 
LVL 1

Accepted Solution

by:
Satalink earned 1500 total points
ID: 9592710
This is all I could find.  Maybe it will help.
You can get info on that ip from:  http://www.samspade.org/

http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
0
 
LVL 6

Expert Comment

by:bira
ID: 9593135
Take a look at http://www.zoneedit.com/
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9595605
It looks like it is being probed for FacetWin/Samba connections.

Have a look at:
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003521.html
http://www.facetcorp.com/images/pdf/fwsecure.pdf

You need to check your logs, and use "cksum" to verify binary programs such as netstat, ifconfig, ps, su, ls, find ....

If the system has been hacked, I suggest that you rebuild from a reliable backup or a fresh
install, and ask all your users to change their passwd, disable unwanted services, etc, etc.


0
 
LVL 1

Expert Comment

by:Satalink
ID: 9598065
I would log and track all unwanted connections, assuming your system has a public IP.  Work with your router guys, and maybe even your abuse department.  They can block IP ranges at the router.. the abuse department can work with the service provider... in this case it's Pacific Bell... and they will warn their user and possibly even cancel their account.   Assuming your IP is public, that's really the best you can do.  If your abuse department is on their toes, there are huge IP ranges that are typically blocked, specifically those coming from Asia and Korea.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9598529
From the timestamps it looks like a probe, but not a "successful" one. FacetWin done right should be safe, so you should be safe, but perhaps a look to limit SMB access to the server (to only allow ... allowed clients through router/firewall) would be a prudent reaction.

-- Glenn
0
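The timestamp reasoning in the comment above can be checked mechanically. This is an added example, not part of the original thread: it parses the six log lines from the question, counts fct_nbsd connections per source address, and measures how long each fct_smbd session lived before the client reset it. The function names, the year 2003 (syslog omits it), and the rule that ties an fct_smbd session to an fct_nbsd connection seen at most two seconds earlier are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# The six syslog lines quoted in the question, embedded so this runs offline.
SAMPLE = """\
Oct 20 23:29:05 syracuse fct_nbsd[19761]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_nbsd[20167]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: fct_smbd -n MY-I8XBLGBF5K3B
Oct 21 00:54:58 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: Connection reset by client
Oct 21 04:44:24 syracuse fct_vtpd[27944]: receiver exiting because of Sender exit
Oct 21 04:44:24 syracuse fct_vtpd[27940]: facetwin vtp: Program exit.
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (\w+)\[(\d+)\]: (.*)$")
CONN = re.compile(r"Connection from \((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse(text, year=2003):
    """Yield (timestamp, daemon, pid, message) for every well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), int(m.group(4)), m.group(5)

def summarize(text, window=2):
    """Return (connections per source IP, fct_smbd sessions keyed by pid)."""
    per_ip, sessions, last_conn = Counter(), {}, None
    for ts, daemon, pid, msg in parse(text):
        c = CONN.search(msg)
        if daemon == "fct_nbsd" and c:
            per_ip[c.group(1)] += 1
            last_conn = (ts, c.group(1))
        elif daemon == "fct_smbd":
            client, _, rest = msg.partition(": ")
            s = sessions.setdefault(
                pid, {"client": client, "start": ts, "ip": None, "seconds": None})
            # Heuristic (assumption): attribute the session to the fct_nbsd
            # connection logged at most `window` seconds before it.
            gap = (ts - last_conn[0]).total_seconds() if last_conn else None
            if s["ip"] is None and gap is not None and 0 <= gap <= window:
                s["ip"] = last_conn[1]
            if "Connection reset by client" in rest:
                s["seconds"] = (ts - s["start"]).total_seconds()
    return per_ip, sessions

def short_lived(sessions, max_seconds=5):
    """Pids of sessions the client reset within max_seconds: probe-like, no real use."""
    return [pid for pid, s in sessions.items()
            if s["seconds"] is not None and s["seconds"] <= max_seconds]
```

Run against a full log file, the per-address counts show whether the same source keeps returning, and the short-lived list separates one-second touches from sessions that stayed connected.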
 
LVL 24

Expert Comment

by:shivsa
ID: 9604810
It looks like someone tried to hack your system.

These log messages, as suggested in the above comments, are from FacetWin.
The IP address traceroute suggests that this was done by some user who got an IP connection from Pacbell DSL. You would not be able to know about the user unless you contact the Pacbell DSL guys.
As the logs also suggest, the user got connected with the username MY-I8XBLGBF5K3B.
It was an FTP connection.

Try to put up a firewall or start using SSH for all login activities.
0
