Unix Technical Forum - View Single Post

#1 (**permalink**) 02-19-2008, 12:16 PM

Dear all

I have the following in my log files and have been told someone from my site
has been trying to hack there site.
I thought I had closed in.comsat in inetd.conf

/var/log/secure
Jun 16 16:00:55 pingnu in.comsat[17458]: connect from 127.0.0.1
Jun 16 17:01:32 pingnu in.comsat[17484]: connect from 127.0.0.1
Jun 16 17:10:18 pingnu in.comsat[17662]: connect from 127.0.0.1
Jun 16 17:43:58 pingnu in.comsat[17668]: connect from 127.0.0.1
Jun 16 18:05:14 pingnu in.comsat[17843]: connect from 127.0.0.1
Jun 16 18:36:07 pingnu in.comsat[17849]: connect from 127.0.0.1
/var/log/messages
Jun 13 10:55:17 router popa3d[2175]: 0 (0) deleted, 0 (0) left
Jun 13 11:00:42 router in.identd[2193]: reply to 127.0.0.1: 32827 , 25 :
USERID : OTHER :25
Jun 13 11:15:14 router popa3d[2199]: Didn't attempt authentication

http://www.attrition.org/security/de...omsat.dos.html

I have a off site virtual server running slackware 9.0 as well both have
sendmail running. I am still not sure if I have been hacked or am I being
paranoid.

Regards Carl Parsons

Thread: in.comsat vulnerability View Single Post

Thread: in.comsat vulnerability
View Single Post