Solved

syslog

Posted on 2003-10-21
6
947 Views
Last Modified: 2007-12-19
What does this mean (copied fron the syslog on unix server)
Oct 20 23:29:05 syracuse fct_nbsd[19761]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_nbsd[20167]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: fct_smbd -n MY-I8XBLGBF5K3B
Oct 21 00:54:58 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: Connection reset by client
Oct 21 04:44:24 syracuse fct_vtpd[27944]: receiver exiting because of Sender exit
Oct 21 04:44:24 syracuse fct_vtpd[27940]: facetwin vtp: Program exit.

Was my server accessed by 67.124.137.93?
 What is a good nslookup program?
Thanks
0
Comment
Question by:eliallen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Accepted Solution

by:
Satalink earned 500 total points
ID: 9592710
This is all I could find.  Maybe it will help.
You can get info on that ip from:  http://www.samspade.org/

http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
0
 
LVL 6

Expert Comment

by:bira
ID: 9593135
Take a look at http://www.zoneedit.com/
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9595605
It look like is being probed FacetWin/Samba connections.

Have a look at:
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003521.html
http://www.facetcorp.com/images/pdf/fwsecure.pdf

You need to check your logs, "cksum" to verify binary program such as netstat, ifconfig, ps, su, ls, find ....

If the system has been hacked, I suggested that rebuild from a reliable backup, or fresh
installed , and ask all your users change their passwd, disable unwanted service, etc, etc.


0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:Satalink
ID: 9598065
I would log and track all unwanted connetions, assuming your system has a public IP.  Work with your router guys, and maybe even your abuse departement.  They can block ip ranges at the router.. the abuse departement can work with the service provider... in the case it's Pacific Bell... and they will warn their user and possibly even cancel their account.   Assuming your ip is public, that's really the best you can do.  If your abuse department is on their toes, there are huge ip ranges that are typically blocked specifically those coming from asia and korea.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9598529
From the timestamps it looks like a probe, but not a "successful" one. FacetWin done right should be safe, so you should be safe, but perhaps a look to limit SMB access to the server (to only allow ... allowed clients through router/firewall) would be a prudent reaction.

-- Glenn
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9604810
It looks like some tried to hack your system.

These logs messages as suggested in above comments are from Facetbin.
ip address traceroute suggest that this was done by some user who got ip connection from pacbell DSL. u would not be able to know about user unless u contact pacbell DSL guys.
as logs also suggested user got connected with the username MY-I8XBLGBF5K3B.
it was a ftp connection.

tryt to put firewall or start using SSH for all login activities.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question