  1. #1
    Join Date
    Mar 2004
    Posts
    78

    * Can someone tell me what these logs mean??

    1) I've been looking into the logs and what does this mean??


    Apr 16 15:59:00 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:02 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:05 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:06 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:06 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:08 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:08 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:09 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:12 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:12 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:14 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:20 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:21 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:23 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:29 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:30 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:30 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:33 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:33 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
    Apr 16 15:59:36 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6

    2) And also, why is my server FTPing to itself or something??

    Apr 17 16:04:05 server proftpd[5574]: server.xxxx.com (localhost[127.0.0.1]) - FTP session opened.
    Apr 17 16:04:05 server proftpd[5574]: server.xxxx.com (localhost[127.0.0.1]) - FTP session closed.

    3) Also, after I made changes to /etc/proftpd.conf, I tried to restart it using 'service proftpd restart', but it showed me the error below. However, in WHM the status light for proftpd is still green?... So I used WHM to restart proftpd and it works. Why doesn't the command work when the WHM restart works?
    [email protected] [/usr/src/chkrootkit-0.43]# service proftpd restart
    /sbin/service: line 68: 17383 Hangup env -i LANG=$LANG PATH=$PATH TERM=$TERM "${SERVICEDIR}/${SERVICE}" ${OPTION
    Last edited by BeerHandle; 04-17-2004 at 06:09 AM.

  2. #2
    Join Date
    Mar 2004
    Posts
    78
    4) Last one of the day with var/log/messages.
    Apr 17 19:48:56 server kernel: ** OUT_TCP DROP ** IN= OUT=eth0 SRC=67.xxx.xxx.xxx DST=203.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=64 I$
    Apr 17 19:48:57 server proftpd: PAM-listfile: Couldn't open /etc/ftpusers
    Apr 17 19:48:57 server PAM_pwdb[17947]: (ftp) session opened for user JohnBob by (uid=0)
    Last edited by XTStrike; 04-17-2004 at 04:19 PM.
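
Added example, not part of either post: the `kernel:` lines quoted above are netfilter (iptables) LOG entries, where the text before `IN=` is the rule's log prefix and the rest is `KEY=value` fields plus bare flag tokens. The Python sketch below parses that layout and summarizes drops per source; the sample lines, host name, addresses, MACs, ports and the `year` default are constructed assumptions, because the lines in the thread are truncated.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the netfilter LOG layout (placeholder host, MACs, addresses, ports).
IN_FMT = ("Apr 16 15:59:{s:02d} host1 kernel: ** IN_TCP DROP ** IN=eth0 OUT= "
          "MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 "
          "LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4101 DF PROTO=TCP SPT=3021 DPT={p} "
          "WINDOW=64240 RES=0x00 SYN URGP=0")
SAMPLE = [IN_FMT.format(s=s, p=p) for s, p in [(0, 135), (2, 139), (3, 445), (6, 135)]]
SAMPLE.append("Apr 17 19:48:56 host1 kernel: ** OUT_TCP DROP ** IN= OUT=eth0 "
              "SRC=198.51.100.5 DST=203.0.113.9 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
              "PROTO=TCP SPT=21 DPT=40112 WINDOW=5840 RES=0x00 ACK SYN URGP=0")

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) kernel: (.*?)\s*\b(IN=.*)$")

def parse(line, year=2004):
    """Split one kernel LOG line into a dict (None if it is not one); syslog has no year."""
    m = LINE.match(line)
    if not m:
        return None
    stamp, host, prefix, rest = m.groups()
    rec = {"time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
           "host": host, "prefix": prefix, "flags": []}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val            # KEY=value field (value may be empty, e.g. OUT=)
        else:
            rec["flags"].append(tok)  # bare tokens: DF, SYN, ACK, ...
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:                # dest MAC (6) + source MAC (6) + EtherType (2)
        rec["dst_mac"], rec["src_mac"] = ":".join(mac[:6]), ":".join(mac[6:12])
        rec["ethertype"] = "".join(mac[12:])   # 0800 = IPv4
    return rec

def summarize(lines):
    """Group drops by (log prefix, source IP): count, time span, ports, SYN without ACK."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        groups[(rec["prefix"], rec.get("SRC"))].append(rec)
    return {k: {"count": len(v),
                "span_s": int((v[-1]["time"] - v[0]["time"]).total_seconds()),
                "dports": sorted({int(r["DPT"]) for r in v if "DPT" in r}),
                "syn_only": all("SYN" in r["flags"] and "ACK" not in r["flags"] for r in v)}
            for k, v in groups.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run against the untruncated `/var/log/messages`, the per-source count, time span and destination ports show whether a burst of drops is one host retrying a single port or probing several.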
