Hi list,

I have a very obscure discovery: tonight at 4:03 I got a logfile called vgetty.modem. It is about 89301439 blocks - a very big file. Starting at 4:03 in the morning there are a lot of attempts to get a connection to our system via the vgetty chat. I have the phone number and all the attempts, like passwords, with and without crypted passwords.

Is it possible to get a connection via vgetty or not? If not, what has happened? Are there other possibilities in Linux, so that a process can get out of control? Maybe a bad script?

We have a connection to the internet via an Ascend router. 5 computers have a direct connection through a hub. Only one computer has this vgetty.modem file. But exactly this computer has had no running vgetty before and never had a modem installed.

What I have: Mandrake (Red Hat 5.2) Linux with kernel 2.0.36; 5 PCs running Linux, 2 PCs running Windows, one Apple, one Sun Sparc 10 with RH 5.1 and one SGI IRIS on this network tree. One Linux PC acts as a gateway for the second network tree. But it only has one direction - to the server, not back.

I'll send a piece of code from that vgetty.modem file, so you can see what's happening. If that is not a hacker, what possibilities do I have to resolve that problem? What can it be otherwise?

Your help is very much appreciated and urgently needed!!!

bye,
hans
sysadmin
Business-CON'ZEPT

03/10 11:50:26 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/10 11:50:26 dem mgetty: experimental test release 1.1.14-Apr02
03/10 11:50:26 dem reading generic configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem reading program vgetty configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem reading port modem configuration from config file /etc/mgetty+sendfax/voice.conf
03/10 11:50:26 dem check for lockfiles
03/10 11:50:26 dem locking the line
03/10 11:50:27 dem lowering DTR to reset Modem
03/10 11:50:27 dem send: \dATQ0V1H0[0d]
03/10 11:50:28 dem waiting for ``OK'' ** found **
03/10 11:50:28 dem send: ATS0=0Q0&D3&C1[0d]
03/10 11:50:28 dem waiting for ``OK'' ** found **
03/10 11:50:29 dem mdm_send: 'ATI'
03/10 11:50:29 dem USR Courier/Sportster 56k detected
03/10 11:50:29 dem mdm_send: 'ATI3'
03/10 11:50:29 dem additional info: 'Texas Instruments RK 56000 Voice Fax Rev. 4.7.30'
03/10 11:50:29 dem mdm_send: 'AT+FCLASS=2.0' -> OK
03/10 11:50:29 dem mdm_send: 'AT+FAA=1;+FCR=1' -> OK
03/10 11:50:29 dem mdm_send: 'AT+FBO=1' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FNR=1,1,1,0' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FLI="49 7473 921437"' -> OK
03/10 11:50:30 dem mdm_send: 'AT+FCC=1,5,0,2,0,0,0,0' -> OK
03/10 11:50:30 dem detecting voice modem type
03/10 11:50:31 dem US Robotics detected
03/10 11:50:31 dem US Robotics voice modem
03/10 11:50:31 dem This is a driver beta version. V0.4.b3
03/10 11:50:32 dem VTD setup successful
##############################################################################
# another piece of code :
#############################################################################
03/11 12:50:52 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/11 12:50:52 dem mgetty: experimental test release 1.1.14-Apr02
03/11 12:50:52 dem reading generic configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem reading program vgetty configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem reading port modem configuration from config file /etc/mgetty+sendfax/voice.conf
03/11 12:50:52 dem check for lockfiles
03/11 12:50:52 dem locking the line
03/11 12:50:53 dem WARNING: DSR is off - modem turned off or bad cable?
03/11 12:50:53 dem lowering DTR to reset Modem
03/11 12:50:54 dem send: \dATQ0V1H0[0d]
03/11 12:50:54 dem waiting for ``OK''
03/11 12:51:14 dem timeout in chat script, waiting for `OK'
03/11 12:51:14 dem init chat timed out, trying force-init-chat
03/11 12:51:14 dem send: \d[10][03]\d\d\d+++\d\d\d[0d]\dATQ0V1H0[0d]
03/11 12:51:18 dem waiting for ``OK''
03/11 12:51:38 dem timeout in chat script, waiting for `OK'
03/11 12:51:38 dem init chat failed, exiting...: Interrupted system call
03/11 12:51:38 ##### failed in mg_init_data, dev=modem, pid=25221
##############################################################################
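
One way to triage a log of this size without reading it by hand, as an added example that is not part of the original post: it streams an mgetty/vgetty log, starts a new session at each vgetty banner line and records how that session ended. The marker strings come from the excerpt above; the function names, record fields and outcome labels are assumptions made for this example.

```python
import re
from collections import Counter

# Line shape in the excerpt: "MM/DD HH:MM:SS <device> <message>"
LINE = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
FAILED = re.compile(r"failed in (\w+), dev=([^,]+), pid=(\d+)")

def sessions(lines):
    """Yield one record per vgetty start-up; streams, so file size does not matter."""
    cur = None
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue                      # separator rows, wrapped fragments
        ts, _dev, msg = m.groups()
        if msg.startswith("vgetty: "):    # banner line opens a new session
            if cur:
                yield cur
            cur = {"start": ts, "outcome": "unknown", "flags": [], "pid": None}
            continue
        if cur is None:
            continue                      # lines before the first banner
        failed = FAILED.search(msg)
        if "WARNING: DSR is off" in msg:
            cur["flags"].append("dsr-off")
        elif "timeout in chat script" in msg:
            cur["flags"].append("chat-timeout")
        elif "VTD setup successful" in msg:
            cur["outcome"] = "init-ok"
        elif failed:
            cur["outcome"] = "init-failed"
            cur["pid"] = int(failed.group(3))
    if cur:
        yield cur

def summarize(lines):
    """Count how sessions ended, to see whether one outcome dominates the file."""
    return Counter(s["outcome"] for s in sessions(lines))

# Constructed sample: lines abridged from the excerpt in the post.
SAMPLE = """\
03/10 11:50:26 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/10 11:50:32 dem VTD setup successful
03/11 12:50:52 dem vgetty: experimental test release 0.8.1 / 25Mar98
03/11 12:50:53 dem WARNING: DSR is off - modem turned off or bad cable?
03/11 12:51:14 dem timeout in chat script, waiting for `OK'
03/11 12:51:38 dem timeout in chat script, waiting for `OK'
03/11 12:51:38 ##### failed in mg_init_data, dev=modem, pid=25221
"""
```

On the real file, pass the open file object to `summarize()` or `sessions()` so the log is read line by line rather than loaded into memory.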
