[ale] LogWatch secure-log question/concern
Jim Seymour
bluejay at speedfactory.net
Thu Sep 18 05:44:52 EDT 2003
On Wed, 17 Sep 2003, synco gibraldter wrote:
> On 17 Sep 2003 at 6:00, Jim Seymour wrote:
>
> >
> > What is happening in the snippet of my LogWatch below? Does the
> > secure connection info suggest that someone has been successful in
> > connecting to my computer? I do not run a server of any kind (that I
> > know of). I found several of these in my LogWatch e-mails for about a
> > week at the end of August and into the first week of September. This
> > is a RedHat 7.3 system.
> >
>
> in a sense, yes... if xinetd is reporting activity, the traffic has successfully made it
> past your system packet filters [if you have any]. it does not, however, mean that
> they've been granted access. inetd basically "takes" the connections and hands
> them off to the daemons specified in inetd's config file. if you're not wanting to run
> any servers, you shouldn't even bother running inetd, as that's all it's good for.
>
I went to grc.com and ran their port scans. Running in "stealth" for the
most part and no ports came up as listening. I guess it's time to try to
figure out ipchains since that is what I am using now. Would like to hit
full stealth without disabling RealPlayer, etc.
> > ##################LogWatch 2.6 Begin #####################
> >
> >
> > ---------------- Connections (secure-log) Begin -------------------
> >
> > **Unmatched Entries**
> > xinetd[884]: START: sgi_fam pid=26198 from=<no address>
> > xinetd[884]: START: sgi_fam pid=26500 from=<no address>
> > xinetd[884]: START: sgi_fam pid=27227 from=<no address>
> >
> >
> > ----------------- Connections (secure-log) End --------------------
> >
Thanks,
--
Jim Seymour
www.wingbarscafe.com
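
An added example, not part of the original thread: a small Python triage of xinetd START lines like those in the LogWatch report above, grouping them by service and separating entries logged with a peer address from those logged as `<no address>`. The telnet lines and the 192.0.2.10 address are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# xinetd writes one START line per service instance it launches:
#   xinetd[<pid>]: START: <service> pid=<child pid> from=<peer address>
START_RE = re.compile(
    r"xinetd\[(?P<xpid>\d+)\]: START: (?P<service>\S+) "
    r"pid=(?P<pid>\d+) from=(?P<peer><no address>|\S+)"
)

def summarize_starts(lines):
    """Group xinetd START entries by service (hypothetical helper).

    Returns {service: {"count", "peers", "no_address"}}.
    Lines that are not START entries are ignored.
    """
    summary = defaultdict(lambda: {"count": 0, "peers": set(), "no_address": 0})
    for line in lines:
        m = START_RE.search(line)  # search() tolerates "> > " quote prefixes
        if not m:
            continue
        entry = summary[m["service"]]
        entry["count"] += 1
        if m["peer"] == "<no address>":
            entry["no_address"] += 1
        else:
            entry["peers"].add(m["peer"])
    return dict(summary)

def services_with_remote_peers(summary, local=("127.0.0.1", "::1")):
    """Services started at least once for a peer outside `local`."""
    return sorted(s for s, e in summary.items() if e["peers"] - set(local))

# The first three lines are copied from the LogWatch report in this message.
# The telnet lines are constructed to show entries that carry a peer address.
SAMPLE = [
    "> > xinetd[884]: START: sgi_fam pid=26198 from=<no address>",
    "> > xinetd[884]: START: sgi_fam pid=26500 from=<no address>",
    "> > xinetd[884]: START: sgi_fam pid=27227 from=<no address>",
    "xinetd[884]: START: telnet pid=27301 from=192.0.2.10",
    "xinetd[884]: START: telnet pid=27302 from=127.0.0.1",
]

if __name__ == "__main__":
    report = summarize_starts(SAMPLE)
    for service, entry in sorted(report.items()):
        print(service, entry["count"], sorted(entry["peers"]), entry["no_address"])
    print("remote peers seen for:", services_with_remote_peers(report))
```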