Is this a security concern?

From: Eric Williams (ewilliams@wesleyan.edu)
Date: Tue Sep 10 2002 - 07:43:57 EDT

• Next message: Fergus Donohue: "Fibre types and Sun storedge PCI dual fibre channel HBA (X6729A)"
• Previous message: Jaime Menendez: "SUMMARY: delete files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have been getting this message repeating in my message logs all day
for a few days now. I searched for what would be causing it and at
first it looked like a lookup problem. I nslookup'd the name and IP
both using the DNS servers we have and they both resolve fine on this
machine. Here is what I am getting:

Sep 9 00:09:30 mymachine.edu last message repeated 1 time
Sep 9 00:48:17 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 01:05:27 mymachine.edu last message repeated 1 time
Sep 9 01:32:35 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 01:49:30 mymachine.edu last message repeated 1 time
Sep 9 02:26:47 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 02:45:27 mymachine.edu last message repeated 1 time
Sep 9 03:09:35 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 03:29:30 mymachine.edu last message repeated 1 time
Sep 9 04:05:17 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 04:25:28 mymachine.edu last message repeated 1 time
Sep 9 04:46:35 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
Sep 9 05:09:31 mymachine.edu last message repeated 1 time
Sep 9 05:43:48 mymachine.edu rpc.nisd_resolv[219]: nres_gethostbyaddr:
ab-gpr-a53-01-48.look.ca != 204.174.248.48.
,
,
,

This just showed up a few days ago and at first I only had a few lines
during a day. This repeats all day long now. Should I be concerned
someone inside or out is trying something on my system? Any suggestions
on tracking down the cause and killing it? I'll post a follow-up.
Thanks!

------------------------------------------------------------------------
Eric Williams
Wesleyan University
ewilliams@wesleyan.edu
AIM: radvelman
860 685-3664
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Fergus Donohue: "Fibre types and Sun storedge PCI dual fibre channel HBA (X6729A)"
• Previous message: Jaime Menendez: "SUMMARY: delete files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:54 EDT