strange telnet from loopback?

Tom Pollerman Tue, 09 Apr 2002 18:22:02 -0700

Hi,

I had just disconnected from a dial-up session with my ISP, and decided
to
check my /var/log entries before sutting down the machine. I found this in
/var/log/messages:


Apr  7 17:26:10 linuxbox kernel: registered device ppp0
Apr  7 17:26:10 linuxbox pppd[873]: pppd 2.3.11 started by root, uid 0
Apr  7 17:26:10 linuxbox pppd[873]: Using interface ppp0
Apr  7 17:26:10 linuxbox pppd[873]: Connect: ppp0 <--> /dev/ttyS3
Apr  7 17:26:11 linuxbox kernel: PPP BSD Compression module registered
Apr  7 17:26:11 linuxbox kernel: PPP Deflate Compression module registered
Apr  7 17:26:12 linuxbox pppd[873]: local  IP address 65.42.4.74
Apr  7 17:26:12 linuxbox pppd[873]: remote IP address 65.42.4.2
Apr  7 17:30:00 linuxbox CROND[954]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 17:40:00 linuxbox CROND[975]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 17:43:25 linuxbox pppd[873]: Terminating on signal 15.
Apr  7 17:43:25 linuxbox pppd[873]: Connection terminated.
Apr  7 17:43:25 linuxbox pppd[873]: Connect time 17.3 minutes.
Apr  7 17:43:25 linuxbox pppd[873]: Sent 59516 bytes, received 456293 bytes.
Apr  7 17:43:27 linuxbox pppd[873]: Exit.
Apr  7 17:50:00 linuxbox CROND[996]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:00:00 linuxbox CROND[1039]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:00:00 linuxbox kernel: PPP: ppp line discipline successfully
unregistered
Apr  7 18:01:01 linuxbox CROND[1044]: (root) CMD (run-parts
/etc/cron.hourly)
 
Apr  7 18:01:47 linuxbox xinetd[1046]: libwrap refused connection to telnet
from 127.0.0.1

Apr  7 18:10:00 linuxbox CROND[1076]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:20:00 linuxbox CROND[4563]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:30:00 linuxbox CROND[16712]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:40:00 linuxbox CROND[29458]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 18:50:00 linuxbox CROND[9315]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 19:00:00 linuxbox CROND[11820]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 19:01:00 linuxbox CROND[11822]: (root) CMD (run-parts
/etc/cron.hourly) 
Apr  7 19:10:00 linuxbox CROND[11843]: (root) CMD (   /sbin/rmmod -as) 
Apr  7 19:12:21 linuxbox kernel: hdd: ATAPI 40X CD-ROM drive, 128kB Cache
Apr  7 19:12:21 linuxbox kernel: Uniform CD-ROM driver Revision: 3.10
Apr  7 19:18:13 linuxbox kernel: CSLIP: code copyright 1989 Regents of the
University of California
Apr  7 19:18:14 linuxbox kernel: PPP: version 2.3.7 (demand dialling)
Apr  7 19:18:14 linuxbox kernel: PPP line discipline registered.

   What does the 18:01:47 entry mean?
   I did Not initiate the telnet.
   This machine is one of three on a private LAN, with IP addresses in the 192.168.x.x 
range. 
   At the time, the network was off-line (hub powered off.)
   I have no entry for 127.0.0.1 in /etc/hosts.allow. Should I have? Does xinetd, or 
some other
process need to be able to telnet to the loopback? Could something in CRON have 
initiated a
request to tcp/23 that was interpreted as a telnet request?

Insights would be helpful...............thanks,

                                                                                       
                 Tom



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

strange telnet from loopback?

Reply via email to