Am Mi, den 15.12.2004 schrieb Xia Bin um 2:32: > This mornning I find some ip address listed in the "System auth log" > section in my daily root mail. > > I've been new to linux and I would be glad if someone can tell me why > are those IPs listed, and most importantly: would it be a crack? If it > was, what to do next? > Connections: > > Service auth: > > 66.154.80.100: 1 Time(s) > 192.168.0.1: 1 Time(s) > 212.204.214.114: 1 Time(s) > 216.55.156.62: 2 Time(s) You have the authd service running, which listens on port 113, it is reachable by foreign hosts either because the iptables setup permits it or because the firewall is down. The connections can have several reasons: either caused by scans against your host or the regular case is that auth was requested when sending mail or establishing an irc session. It is mostly harmless, no need to worry. The authd service is intented to be public reachable. Alexander -- Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp Serendipity 03:10:37 up 4 days, 21:51, load average: 0.04, 0.16, 0.25
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
