Hosting Provided By

Re: Openbsd 3.2 wtmp delay and named backdoor

From: <Valdis.Kletnieks(at)vt.edu>
Date: Mon Jan 20 2003 - 00:34:51 EST

On Wed, 15 Jan 2003 14:19:52 GMT, Eric Weaver <internet@whttp.com> said:
> Can anyone explain what would cause a wtmp delay like this? Notice I am

Does your system use a 'utempter' type program to write to utmp?

> <suser@silver:/home/suser:3>$ w
> 5:37AM up 5 days, 1:35, 0 users, load averages: 0.42, 0.16, 0.10
> USER TTY FROM LOGIN@ IDLE WHAT
> <suser@silver:/home/suser:4>$ w
> 5:37AM up 5 days, 1:36, 1 user, load averages: 0.38, 0.15, 0.10
> USER TTY FROM LOGIN@ IDLE WHAT
> suser p0 192.168.25.104 5:37AM 0 w

If so, it may have been busy trying to do an eventually-failed PTR lookup for your 1918-space address (note the 192.168.25.104 rather than a hostname)...

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

application/pgp-signature attachment: stored

Received on Thu Jan 23 13:11:17 2003

This message: [ Message body ]
Next message: f.johan.beisser: "Re: Openbsd 3.2 wtmp delay and named backdoor"
Previous message: Michael LaSalvia: "RE: mIRC Zombie, port 445"
In reply to: Eric Weaver: "Openbsd 3.2 wtmp delay and named backdoor"
In reply to Crist J. Clark: "Re: Openbsd 3.2 wtmp delay and named backdoor"
Next in thread: f.johan.beisser: "Re: Openbsd 3.2 wtmp delay and named backdoor"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:56 EDT

Do you need help?