Solved

syslog

Posted on 2003-10-21
6
944 Views
Last Modified: 2007-12-19
What does this mean (copied fron the syslog on unix server)
Oct 20 23:29:05 syracuse fct_nbsd[19761]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_nbsd[20167]: Connection from (67.124.137.93)
Oct 21 00:54:57 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: fct_smbd -n MY-I8XBLGBF5K3B
Oct 21 00:54:58 syracuse fct_smbd[20168]: MY-I8XBLGBF5K3B: Connection reset by client
Oct 21 04:44:24 syracuse fct_vtpd[27944]: receiver exiting because of Sender exit
Oct 21 04:44:24 syracuse fct_vtpd[27940]: facetwin vtp: Program exit.

Was my server accessed by 67.124.137.93?
 What is a good nslookup program?
Thanks
0
Comment
Question by:eliallen
6 Comments
 
LVL 1

Accepted Solution

by:
Satalink earned 500 total points
ID: 9592710
This is all I could find.  Maybe it will help.
You can get info on that ip from:  http://www.samspade.org/

http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
0
 
LVL 6

Expert Comment

by:bira
ID: 9593135
Take a look at http://www.zoneedit.com/
0
 
LVL 38

Expert Comment

by:yuzh
ID: 9595605
It look like is being probed FacetWin/Samba connections.

Have a look at:
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003520.html
http://news.spamcop.net/pipermail/spamcop-geeks/2002-December/003521.html
http://www.facetcorp.com/images/pdf/fwsecure.pdf

You need to check your logs, "cksum" to verify binary program such as netstat, ifconfig, ps, su, ls, find ....

If the system has been hacked, I suggested that rebuild from a reliable backup, or fresh
installed , and ask all your users change their passwd, disable unwanted service, etc, etc.


0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 1

Expert Comment

by:Satalink
ID: 9598065
I would log and track all unwanted connetions, assuming your system has a public IP.  Work with your router guys, and maybe even your abuse departement.  They can block ip ranges at the router.. the abuse departement can work with the service provider... in the case it's Pacific Bell... and they will warn their user and possibly even cancel their account.   Assuming your ip is public, that's really the best you can do.  If your abuse department is on their toes, there are huge ip ranges that are typically blocked specifically those coming from asia and korea.
0
 
LVL 20

Expert Comment

by:Gns
ID: 9598529
From the timestamps it looks like a probe, but not a "successful" one. FacetWin done right should be safe, so you should be safe, but perhaps a look to limit SMB access to the server (to only allow ... allowed clients through router/firewall) would be a prudent reaction.

-- Glenn
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9604810
It looks like some tried to hack your system.

These logs messages as suggested in above comments are from Facetbin.
ip address traceroute suggest that this was done by some user who got ip connection from pacbell DSL. u would not be able to know about user unless u contact pacbell DSL guys.
as logs also suggested user got connected with the username MY-I8XBLGBF5K3B.
it was a ftp connection.

tryt to put firewall or start using SSH for all login activities.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question