unknown auth entries in log

Alexander Dalloz ad+lists at uni-x.org
Wed Dec 15 02:13:54 UTC 2004

Am Mi, den 15.12.2004 schrieb Xia Bin um 2:32:

> This mornning I find some ip address listed in the "System auth log"
> section in my daily root mail.
> I've been new to linux and I would be glad if someone can tell me why
> are those IPs listed, and most importantly: would it be a crack? If it
> was, what to do next?

> Connections:
>    Service auth:
> 1 Time(s)
> 1 Time(s)
> 1 Time(s)
> 2 Time(s)

You have the authd service running, which listens on port 113, it is
reachable by foreign hosts either because the iptables setup permits it
or because the firewall is down. The connections can have several
reasons: either caused by scans against your host or the regular case is
that auth was requested when sending mail or establishing an irc
session. It is mostly harmless, no need to worry. The authd service is
intented to be public reachable.


Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 03:10:37 up 4 days, 21:51, load average: 0.04, 0.16, 0.25 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20041215/c63d1aa1/attachment-0002.bin 

More information about the users mailing list