> Hi all. This is a mixed networking/security question. Early yesterday
> morning I got up and noticed that my linux box, which has a permanent
> cable connection, was quite busy. I hadn't left anything running, but
> figured it was just my website being accessed. A little later, I checked
> my /var/log/messages, and found these lines:
>
> Nov 16 03:30:02 cr24327-9 telnetd[902]: ttloop: peer died: Invalid or
> incomplete multibyte or wide character
> Nov 16 03:30:02 cr24327-9 ftpd[901]: FTP session closed
>
> There are no matching telnet or ftp session open entries, so I suspect a
> break-in or attempted break-in.
>
> Can anyone shed some light on this?
Looks like a port scan to me, readup on ipchains and put some logging
rules in would be my suggestion
--
Tim Fletcher .~.
/V\ L I N U X
[EMAIL PROTECTED] // \\ >Don't fear the penguin<
[EMAIL PROTECTED] /( )\
^^-^^
Organic chemistry is the chemistry of carbon compounds. Biochemistry
is the study of carbon compounds that crawl.
-- Mike Adams
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
