Security Incidents mailing list archives
Re: Openbsd 3.2 wtmp delay and named backdoor
From: Valdis.Kletnieks () vt edu
Date: Mon, 20 Jan 2003 00:34:51 -0500
On Wed, 15 Jan 2003 14:19:52 GMT, Eric Weaver <internet () whttp com> said:
> Can anyone explain what would cause a wtmp delay like this? Notice I am invisible, until the third iteration of 'w'. I hope this is nothing more than some sort of filesystem lag or sshd delay.

Does your system use a 'utempter' type program to write to utmp?

> <suser@silver:/home/suser:3>$ w
> 5:37AM up 5 days, 1:35, 0 users, load averages: 0.42, 0.16, 0.10
> USER TTY FROM LOGIN@ IDLE WHAT
> <suser@silver:/home/suser:4>$ w
> 5:37AM up 5 days, 1:36, 1 user, load averages: 0.38, 0.15, 0.10
> USER TTY FROM LOGIN@ IDLE WHAT
> suser p0 192.168.25.104 5:37AM 0 w

If so, it may have been busy trying to do an eventually-failed PTR lookup for your 1918-space address (note the 192.168.25.104 rather than a hostname)...

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
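
One way to check the PTR-lookup explanation offered in the reply above, as an added example that is not part of the original thread: time a single blocking reverse lookup for the client address on the affected host and see whether it fails slowly. The function names and the 1-second `threshold` default are assumptions made for this sketch.

```python
import ipaddress
import socket
import time

# The three RFC 1918 private ranges. Reverse zones for these are frequently
# not served by any resolver the host can reach, so PTR queries time out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def time_ptr_lookup(addr, resolver=socket.gethostbyaddr):
    """Run one blocking reverse lookup; return (hostname or None, seconds)."""
    start = time.monotonic()
    try:
        name = resolver(addr)[0]
    except OSError:  # socket.herror and socket.gaierror are subclasses
        name = None
    return name, time.monotonic() - start


def diagnose(addr, threshold=1.0, resolver=socket.gethostbyaddr):
    """Report whether addr shows the slow, failed PTR lookup pattern."""
    name, elapsed = time_ptr_lookup(addr, resolver)
    return {
        "address": addr,
        "rfc1918": is_rfc1918(addr),
        "ptr_name": name,
        "lookup_seconds": round(elapsed, 2),
        # A lookup that fails only after a noticeable wait is what would
        # hold up a login-record writer that resolves the peer first.
        "slow_failure": name is None and elapsed >= threshold,
    }


if __name__ == "__main__":
    import sys
    # Default is the client address shown in the quoted `w` output.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.25.104"
    print(diagnose(target))
```

If `slow_failure` is true and `lookup_seconds` is close to the gap seen between login and the entry appearing in `w`, the delay is explained by name resolution rather than by tampering with utmp/wtmp.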