[ale] LogWatch secure-log question/concern

zeb n4zm at mindspring.com
Wed Sep 17 07:11:58 EDT 2003


synco gibraldter wrote:
> On 17 Sep 2003 at 6:00, Jim Seymour wrote:
> 
> 
>>What is happening in the snippet of my LogWatch below?  Does the
>>secure connection info suggest that someone has been successful in
>>connecting to my computer?  I do not run a server of any kind (that I
>>know of).  I found several of these in my LogWatch e-mails for about a
>>week at the end of August and into the first week of September.  This
>>is a RedHat 7.3 system.
>>
> 
> 
> in a sense, yes... if xinetd is reporting activity, the traffic has successfully made it 
> past your system packet filters [if you have any].  it does not, however, mean that 
> they've been granted access.  inetd basically "takes" the connections and hands 
> them off to the daemons specified in inetd's config file.  if you're not wanting to run 
> any servers, you shouldn't even bother running inetd, as that's all it's good for.
> 
> might be a good idea to portscan yourself to find out just how many services your 
> system is, in fact, running.  check your init scripts to find out when xinetd is being 
> started or check the inetd config file to modify the hand-off rules.
> 
> 
>> ################## LogWatch 2.6 Begin #####################
>>
>>
>> ---------------- Connections (secure-log) Begin -------------------
>>
>>**Unmatched Entries**
>>xinetd[884]: START: sgi_fam pid=26198 from=<no address>
>>xinetd[884]: START: sgi_fam pid=26500 from=<no address>
>>xinetd[884]: START: sgi_fam pid=27227 from=<no address>
>>
>>
>> ----------------- Connections (secure-log) End --------------------
>>
>>TIA,
>>
>>-- 
>>Jim Seymour
>>www.wingbarscafe.com
>>
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://www.ale.org/mailman/listinfo/ale
> 
> 
> 
> 
> --    synco gibraldter
> --    atlanta, ga
> --    synco at xodarap.net
> --    key id: 0xC5117E0A
> 
> 
If you want to know the open ports, go to "grc.com" (Steve Gibson's 
site) and run his "Shields Up!" application.  It will probe all the 
"common" ports (and do some other things.)
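
Added example (not part of the original thread): a small Python sketch that tallies xinetd `START` records from a secure log by service and by the kind of source recorded in `from=`, so entries with a non-loopback peer address stand out from ones like those in the excerpt. The first three sample lines are the ones from the LogWatch excerpt above; the `telnet` lines and their addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Record format as shown in the LogWatch excerpt:
#   xinetd[884]: START: sgi_fam pid=26198 from=<no address>
START_RE = re.compile(
    r"xinetd\[\d+\]: START: (?P<service>\S+) pid=(?P<pid>\d+) from=(?P<src>.+?)\s*$"
)
NO_ADDR = "<no address>"

def classify(src):
    """Bucket the from= value: no-address, loopback, remote, or unparsed."""
    if src == NO_ADDR:
        return "no-address"
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "unparsed"
    return "loopback" if ip.is_loopback else "remote"

def summarize(lines):
    """Return {service: {bucket: count}} for every START record found."""
    report = defaultdict(Counter)
    for line in lines:
        m = START_RE.search(line)
        if m:
            report[m.group("service")][classify(m.group("src"))] += 1
    return {svc: dict(counts) for svc, counts in report.items()}

def needs_review(report):
    """Services started at least once for a remote or unparseable source."""
    return sorted(s for s, c in report.items()
                  if c.get("remote") or c.get("unparsed"))

# Lines 1-3: from the excerpt above. Lines 4-5: constructed sample data.
SAMPLE = """\
xinetd[884]: START: sgi_fam pid=26198 from=<no address>
xinetd[884]: START: sgi_fam pid=26500 from=<no address>
xinetd[884]: START: sgi_fam pid=27227 from=<no address>
xinetd[884]: START: telnet pid=27301 from=192.0.2.10
xinetd[884]: START: telnet pid=27302 from=127.0.0.1
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for service, counts in sorted(report.items()):
        print(service, counts)
    print("review:", needs_review(report))
```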



