Hi Serge Delorme; unless Mutt is confused, you wrote: > I only have a simple dial-out PPP connection from my ISP. > I'm still on a Bo system with shadow password enable. > Two days ago I see this message from my xconsole: > > Aug 20 10:19:56 ordino in.telnetd[349]: connect from ppp-014.m4-1.mtl.ican.net > Aug 20 10:20:01 ordino telnetd[349]: ttloop: peer died: Success > > I understand the first line; somebody requested a telnet session from my > system. The second one I'm not sure...who cut the connection, the other side > or my system? > > To this date I did not really care about security, I'm the only user and I'm > on > line for short periods, but now I'm getting a little panicked...is Bo > security ok or should/can I do more? Do I have to deny requests for telnet > and ftp > sessions or is on by default? > > Paranoid. >
it is interesting that similar thing happened to me yesterday. I'm running a fully stable hamm system, and this is the first time something like that happened. My syslog file shows this: Aug 22 15:10:41 camelot in.telnetd[1709]: connect from 1Cust35.tnt15.tco2.da.uu. net Aug 22 15:10:42 camelot telnetd[1709]: ttloop: peer died: Invalid or incomplete multibyte or wide character I have tried pinging the above host right after that and it returned the I.P. address 153.36.2.35 . does anyone know how can I get the actual site name from this? As the original poster, my connection is ppp dial-up thru a very good ISP, and I haven't had this happening before... Any clarification, help or opinions welcome. damir