Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

syslog

Posted on 2003-10-21
6
Medium Priority
?
949 Views
Last Modified: 2007-12-19
What does this mean (copied fron the syslog on unix server)
Oct 20 23:29:05 syracuse fct_nbsd[19761]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_nbsd[20167]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: fct_smbd -n MY-I8XBLGBF5K3B
Oct 21 00:54:58 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: Connection reset by client
Oct 21 04:44:24 syracuse fct_vtpd[27944]: receiver exiting because of Sender exit
Oct 21 04:44:24 syracuse fct_vtpd[27940]: facetwin vtp: Program exit.

Was my server accessed by 67.124.137.93?
 What is a good nslookup program?
Thanks
0
Comment
Question by:eliallen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Accepted Solution

by:
Satalink earned 1500 total points
ID: 9592710
This is all I could find.  Maybe it will help.
You can get info on that ip from:  http://www.samspade.org/

http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
0
 
LVL 6

Expert Comment

by:bira
ID: 9593135
Take a look at http://www.zoneedit.com/
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9595605
It look like is being probed FacetWin/Samba connections.

Have a look at:
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003521.html
http://www.facetcorp.com/images/pdf/fwsecure.pdf

You need to check your logs, "cksum" to verify binary program such as netstat, ifconfig, ps, su, ls, find ....

If the system has been hacked, I suggested that rebuild from a reliable backup, or fresh
installed , and ask all your users change their passwd, disable unwanted service, etc, etc.


0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Expert Comment

by:Satalink
ID: 9598065
I would log and track all unwanted connetions, assuming your system has a public IP.  Work with your router guys, and maybe even your abuse departement.  They can block ip ranges at the router.. the abuse departement can work with the service provider... in the case it's Pacific Bell... and they will warn their user and possibly even cancel their account.   Assuming your ip is public, that's really the best you can do.  If your abuse department is on their toes, there are huge ip ranges that are typically blocked specifically those coming from asia and korea.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9598529
From the timestamps it looks like a probe, but not a "successful" one. FacetWin done right should be safe, so you should be safe, but perhaps a look to limit SMB access to the server (to only allow ... allowed clients through router/firewall) would be a prudent reaction.

-- Glenn
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9604810
It looks like some tried to hack your system.

These logs messages as suggested in above comments are from Facetbin.
ip address traceroute suggest that this was done by some user who got ip connection from pacbell DSL. u would not be able to know about user unless u contact pacbell DSL guys.
as logs also suggested user got connected with the username MY-I8XBLGBF5K3B.
it was a ftp connection.

tryt to put firewall or start using SSH for all login activities.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question