Redhat 5.1 - default setup - hacked?

Post by SnowFox » Wed, 18 Nov 1998 04:00:00



I set up a Redhat 5.1 box as an experiment, intending to operate it
alongside my FreeBSD box. I haven't done much with it beyond some
performance testing. It doesn't carry any software other than the packages
provided with Redhat 5.1. I've never had a successful hack attempt with any
version of FreeBSD; however, after being up a few days, this shows in
"laston -a -d" on the Redhat box.

cigna    ttyp1        Sun Nov 15 11:50 - 11:56  (00:05)     boramae.desicom.co.kr

User "cigna" was not created by me, and doesn't show up in my password file.
The password file does, however, carry a suspicious modification date.
Additionally, the message log shows the following:

(Note that genesis.newtoy.com is not one of my machines, and 205.164.44.73
is not the IP of www.newtoy.com, so I suspect that I'm being delivered
forged name service responses. I would hope that named is intelligent enough
to discard these?)

Nov 15 10:56:25 green named[294]: ns_resp: query(genesis.newtoy.com) contains our address (NS1.NEWTOY.COM:205.164.44.73)
Nov 15 10:57:08 green identd[3007]: from: 205.161.105.205 ( ffml.fanfic.com ) for: 4233, 8888
Nov 15 10:57:08 green identd[3007]: Successful lookup: 4233 , 8888 : snowfox.root
Nov 15 11:19:37 green named[294]: ns_forw: query(www.newtoy.com) contains our address (NS1.NEWTOY.COM:205.164.44.73)
Nov 15 11:40:30 green identd[3086]: Successful lookup: 5182 , 23 : snowfox.root
Nov 15 11:48:07 green kernel: Appletalk 0.17 for Linux NET3.035
Nov 15 11:50:32 green PAM_pwdb[3104]: (login) session opened for user cigna by (uid=0)
Nov 15 11:50:32 green login[3104]: LOGIN ON ttyp1 BY cigna FROM boramae.desicom.co.kr

I'd appreciate any suggestions or explanations as to exactly what this
means.
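
The cross-check the post performs by hand (a login session for a user that is absent from the password file), written out as an added example that is not part of the original post. The function names and the passwd sample are assumptions made for illustration; the log lines are the post's own, unwrapped.

```python
import re

# Constructed sample: login-related lines from the post's message log, unwrapped.
SAMPLE_LOG = """\
Nov 15 10:57:08 green identd[3007]: Successful lookup: 4233 , 8888 : snowfox.root
Nov 15 11:50:32 green PAM_pwdb[3104]: (login) session opened for user cigna by (uid=0)
Nov 15 11:50:32 green login[3104]: LOGIN ON ttyp1 BY cigna FROM boramae.desicom.co.kr
"""

# Constructed passwd content (assumption): the post says only that "cigna" is absent.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
snowfox:x:500:500::/home/snowfox:/bin/bash
"""

SESSION_RE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ PAM_pwdb\[(\d+)\]: "
    r"\((\w+)\) session opened for user (\S+) by")
LOGIN_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ login\[(\d+)\]: LOGIN ON (\S+) BY \S+ FROM (\S+)")

def passwd_users(passwd_text):
    """Return the set of account names (first colon-separated field)."""
    return {line.split(":", 1)[0]
            for line in passwd_text.splitlines()
            if line and not line.startswith("#")}

def unknown_logins(log_text, passwd_text):
    """List opened sessions whose user has no entry in the password file."""
    known = passwd_users(passwd_text)
    lines = log_text.splitlines()
    # login(1) logs tty and remote host under the same PID as the PAM line.
    origins = {m.group(1): (m.group(2), m.group(3))
               for m in map(LOGIN_RE.match, lines) if m}
    findings = []
    for m in filter(None, map(SESSION_RE.match, lines)):
        when, pid, service, user = m.groups()
        if user not in known:
            tty, host = origins.get(pid, (None, None))
            findings.append({"time": when, "service": service,
                             "user": user, "tty": tty, "from": host})
    return findings

if __name__ == "__main__":
    for finding in unknown_logins(SAMPLE_LOG, SAMPLE_PASSWD):
        print(finding)
```

On a host suspected of compromise, run it against copies of the log and password file read from trusted media, since the local copies may have been altered.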

 
 
 
