Web Hosting Talk

hack attempt?


realalien
12-02-2002, 03:02 AM
Security Violations
=-=-=-=-=-=-=-=-=-=
Dec 1 08:35:21 mybox identd[16102]: request_thread: read(9, ..., 1023) failed: Connection reset by peer
Dec 1 08:35:53 mybox identd[16145]: request_thread: read(9, ..., 1023) failed: Connection reset by peer

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Dec 1 08:35:21 mybox identd[16102]: request_thread: read(9, ..., 1023) failed: Connection reset by peer
Dec 1 08:35:53 mybox identd[16145]: request_thread: read(9, ..., 1023) failed: Connection reset by peer


could you please tell me what this is?

thanks a lot!

skelley1
12-02-2002, 03:07 AM
Do you have IRC on your box? Maybe authentication attempts by the irc bots.

bambenek
12-02-2002, 03:08 AM
Identd is a service that is usually used for identifying the user that is initiating network connections (i.e. I SSH to a box, that box requests what user is making that connection and puts it into the log). I would disable identd personally, because it isn't worth it. But I doubt it was a serious hack attempt, not without any other things tipping you off.
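
The lookup described in the post above, shown from both sides as an added example that is not part of the original thread: an ident (RFC 1413) query names a port pair and the daemon answers with the owning user or an error. The connection table, the function names and the whitespace stripping are assumptions made for illustration.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CRLF.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")
# Reply: "<ports> : USERID : <opsys> : <user>" or "<ports> : ERROR : <token>".
REPLY_RE = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

# Constructed sample: (port on identd host, port on querying host) -> local user.
SAMPLE_CONNECTIONS = {(6193, 23): "stjohns"}


def answer_query(line, connections):
    """Daemon side: build the reply for one query line."""
    m = QUERY_RE.match(line.rstrip("\r\n"))
    if not m:
        # Nothing parseable arrived (empty or garbage request).
        return "0, 0 : ERROR : UNKNOWN-ERROR\r\n"
    local, remote = int(m.group(1)), int(m.group(2))
    if not (1 <= local <= 65535 and 1 <= remote <= 65535):
        return f"{local}, {remote} : ERROR : INVALID-PORT\r\n"
    user = connections.get((local, remote))
    if user is None:
        # No such connection exists on this host.
        return f"{local}, {remote} : ERROR : NO-USER\r\n"
    return f"{local}, {remote} : USERID : UNIX : {user}\r\n"


def parse_reply(line):
    """Querying side: turn a reply line into a dict.

    Simplification: surrounding whitespace is stripped from every field.
    """
    m = REPLY_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("malformed ident reply")
    ports = (int(m.group(1)), int(m.group(2)))
    if m.group(3) == "ERROR":
        return {"ports": ports, "error": m.group(4).strip()}
    opsys, _, user = m.group(4).partition(":")
    return {"ports": ports, "os": opsys.strip(), "user": user.strip()}


if __name__ == "__main__":
    for query in ("6193, 23\r\n", "6195, 23\r\n", "0, 23\r\n"):
        reply = answer_query(query, SAMPLE_CONNECTIONS)
        print(repr(query), "->", parse_reply(reply))
```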

realalien
12-02-2002, 03:08 AM
no I do not have irc on my box... since 10 hours I get about one warning mail per minute with this stuff :( any idea?

Could it perhaps be mysql? It says "request_thread"...

realalien
12-02-2002, 03:15 AM
Identd is a service that is usually used for identifying the user that is initiating network connections

hmmmm if so I'm really wondering why I don't see the ip address of this guy... still unsure what's going on and what to do...

skelley1
12-02-2002, 03:27 AM
Originally posted by realalien
no I do not have irc on my box... since 10 hours I get about one warning mail per minute with this stuff :( any idea?

Could it perhaps be mysql? It says "request_thread"...

Please consider I'm not a security expert, but here's some things to think about:

I am assuming that repeated attempts are to fill up your log file, if this is indeed a breach of security.

You may want to consider shutting down services and unnecessary ports until you've figured this out.

Make sure you check your bash history and all logs, he may not be smart enough to cover all his tracks.

Check to make sure that some kind of back door isn't being installed on your system.