nanog mailing list archives

Re: Future timestamps in /var/log/secure

From: gordon b slater <gordslater () ieee org>
Date: Fri, 26 Feb 2010 19:28:32 +0000

On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote:

the proftpd line happened to be the next line in the log.  the
next simular ssh lines looks like (duplicate removed)

Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN
Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2


is it possible that a local user changed the time (maybe with a GUI app)
around the time of these attempts?

(failed attempts like this are normal for a machine hooked to the
internet without ACLs BTW, the problem is the strange timestamp <<for
the benefit of casual onlookers in the thread)

Gord

-- 
latest ITU-T declaration: all syslogs must show timestamps in Geneva
time

Current thread:

Future timestamps in /var/log/secure Wade Peacock (Feb 26)
- Re: Future timestamps in /var/log/secure Brielle Bruns (Feb 26)
  - Re: Future timestamps in /var/log/secure Larry Sheldon (Feb 26)
    - Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)
    - Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
  - RE: Future timestamps in /var/log/secure Joe (Feb 26)
  - Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
  - Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)
    - Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
    - Re: Future timestamps in /var/log/secure Valdis . Kletnieks (Feb 26)
  - Re: Future timestamps in /var/log/secure William Pitcock (Feb 26)
    - Re: Future timestamps in /var/log/secure gordon b slater (Feb 26)
    - Re: Future timestamps in /var/log/secure William Pitcock (Feb 26)
    - Re: Future timestamps in /var/log/secure Seth Mattinen (Feb 26)
    - Re: Future timestamps in /var/log/secure Wade Peacock (Feb 26)

(Thread continues...)