On Fri, May 16, 2003 at 02:30:09PM +0200, Andreas Vitz remarked: > Hi there, > I'm knew to the program called logchecker and today i got > following message: > > kai-router 2003/05/15 23:02 ACTIVE SYSTEM ATTACK! > > Cleaned rules files exist in /var/lib/logcheck/cleaned > directory that cannot be removed. This may be an attempt to > spoof the log checker. > > i don't understand what this message means. and i dont fing > good how-to's, documentations or stuff like this about > warnings caused by logcheck > > > > > there are some other suspicious (to me) log entries: > > May 15 09:25:46 kai-router pppoe[180]: Bogus PPPoE length field (1262) > May 15 09:27:25 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:27:33 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:27:33 kai-router pppoe[180]: Bogus PPPoE length field (48) > May 15 09:27:33 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:27:33 kai-router pppoe[180]: Bogus PPPoE length field (48) > May 15 09:28:37 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:28:39 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:29:42 kai-router pppoe[180]: Bogus PPPoE length field (50) > May 15 09:36:45 kai-router pppoe[180]: Bogus PPPoE length field (623) > May 15 09:36:48 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:37:07 kai-router pppoe[180]: Bogus PPPoE length field (111) > May 15 09:47:18 kai-router pppoe[180]: Bogus PPPoE length field (172) > > i get them day by day, since a week or so. > > I use a adsl connection. > > > so my final question "have i been hacked" ??? > > yours > > Andreas Vitz Run chkrootkit (as root) and see if there are any signs of tampering. Cheers, Raymond
Attachment:
pgp50qRXYXiIQ.pgp
Description: PGP signature