Re: weird messages in syslog
Answer at bottom
----- Original Message -----
From: "Jim McCloskey" <mcclosk@ling.ucsc.edu>
To: <debian-user@lists.debian.org>
Sent: Wednesday, November 21, 2001 2:09 AM
Subject: weird messages in syslog
>
> I have the following in syslog (and in /var/log/messages):
>
> Nov 20 01:18:12 localhost SERVER[21311]: Dispatch_input: bad request
> line
>
'BBÜóÿ¿Ýóÿ¿Þóÿ¿ßóÿ¿XXXXXXXXXXXXXXXXXX%.156u%300$n%.21u%301$nsecurity%302$n%.
192u%303$n\220\220\220\220\220\220\220\220\220
>
> and so on and so on and so on.
>
> It's repeated at one second intervals between 01:18:12 and
> 01:18:47---the same message followed by the same long sequence of
> garbage-characters, with a new PID each time. There was nobody working
> on the machine at that time. There was a CRON job that ran at 01:08:01
> and then again at 01:23:01. There are no other jobs like SERVER
> reported in the logs, before or after these events.
>
> I've not seen anything like this before. Does anyone else recognize
> it or have an idea about what the source might be?
>
> This is a Debian `testing' system with kernel 2.4.14; no web server
> running.
>
> Any help would be greatly appreciated,
>
> Jim
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
----- Answer -----
it could be something as a backdoor or an arbitrary service ... try to :
cron -l
it shows u a table with binary called to be run, report it and let's see
what's there :o)
SaDIKuZboy - NetAdmin on irc.gatinho.com
Reply to: