nanog mailing list archives
Re: Future timestamps in /var/log/secure
From: gordon b slater <gordslater () ieee org>
Date: Fri, 26 Feb 2010 19:28:32 +0000
On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote:
the proftpd line happened to be the next line in the log. the next simular ssh lines looks like (duplicate removed) Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2
is it possible that a local user changed the time (maybe with a GUI app) around the time of these attempts? (failed attempts like this are normal for a machine hooked to the internet without ACLs BTW, the problem is the strange timestamp <<for the benefit of casual onlookers in the thread) Gord -- latest ITU-T declaration: all syslogs must show timestamps in Geneva time
Current thread:
- Future timestamps in /var/log/secure Wade Peacock (Feb 26)
- Re: Future timestamps in /var/log/secure Brielle Bruns (Feb 26)
- Re: Future timestamps in /var/log/secure Larry Sheldon (Feb 26)
- Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)
- Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
- Re: Future timestamps in /var/log/secure Larry Sheldon (Feb 26)
- RE: Future timestamps in /var/log/secure Joe (Feb 26)
- Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
- Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)
- Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
- Re: Future timestamps in /var/log/secure Valdis . Kletnieks (Feb 26)
- Re: Future timestamps in /var/log/secure William Pitcock (Feb 26)
- Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
- Re: Future timestamps in /var/log/secure William Pitcock (Feb 26)
- Re: Future timestamps in /var/log/secure Seth Mattinen (Feb 26)
- Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)
- Re: Future timestamps in /var/log/secure Brielle Bruns (Feb 26)