sequences in the auth.log
Devon H. O'Dell
dodell at sitetronics.com
Wed Aug 18 02:57:04 PDT 2004
Nikolay Pavlov <quetzal at roks.biz> scribbled:
> Hi, Justin
>
> On Tuesday, 17 August 2004 at 23:01:28 -0500, Justin wrote:
> > I'm seeing the same thing in my log. It makes me think it is a virus because
> > test, guest, and admin are not normal unix users.
>
> And I'm too. But I think that this is a some kind of Linux worm.
> The first record in my auth.log dated on Jul 23 01:48:30
> Nmap identificates all hosts (already more than ten) in my auth.log as
> "Linux 2.4.0 - 2.5.20, Linux 2.4.20 (Itanium), Linux 2.4.20 - 2.4.22 w/grsecurity.org patch"
>
> Best regards,
> Nikolay Pavlov.
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>
This has recently and fully been discussed on the full-disclosure
mailing list.
--
Kind regards,
Devon H. O'Dell | dodell at sitetronics.com
Key: 4D3D8CA7 | IRC: bofh at WhatNET thebofh at efnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20040818/0de3446f/attachment.bin
More information about the freebsd-security
mailing list