> I've been one of many that have lately had a ton of logs with > dns floods and http scans. I figured that I would go and SILENT_DENY > them yesterday. I did and my logs stayed empty the rest of the day. > > Today I checked the weblet and I had http SYN packets in my logs. > So, I go down and set up a monitor and get ready to check things out. > To my amazement, everything was all in CAPS .... everything from the > shell and my keyboard input. It lagged a little when I logged in, so I > 'ae' a .conf file and attempt to scroll ..... it's lagging like ssh does > (ohhh, now I'm real interested)! I pull up another shell and everything > is normal (no lag and the fonts are case-sensitive again). I check > 'ps ax' and everything is normal, so I 'svi network reload' and change > back to terminal 1. Terminal 1 is back to normal now too. > > None of my network settings have changed. The box is a DF floppy > w/o ssh, IPSec, or telnet. The only hole in the firewall is a portfw > to a internal webserver w/o any name resolution on port 81. > After resetting the firewall, I got a bunch of port 80 and a couple of > port 21 hits. > > Any idea's .... I'm afraid someone was somehow filtering my shell. > Oh, I know the date is borked on the machine .... it's been a low > priority.
Did you maybe have the caps lock on when you logged in? If you log in as ROOT instead of root, linux assumes you're logging in from an ancient terminal that doesn't support lower-case, so it does translation for you. Everything you see is in upper case, but anything you type will be converted to lower case by the terminal driver... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
