Logfile Output

Server Date Service Message
bhodisoft.com Sent: From: root@mail Sunday, July 30, 20 3:10 AM

odisoft.com Subject: To: [email protected] Contents of message 1

Jul 23 04:02:0 roto-router syslogd .3-3: restart.

roto-router Jul 23 04:02:02 syslogd 1.3-3 restart.

roto-router Jul 23 04:02:03 syslogd 1.3-3 restart.

roto-router Jul 23 04:02:03 syslogd 1.3-3 restart.

roto-router Jul 23 04:02:04 syslogd 1.3-3 restart.

roto-router Jul 23 04:54:21 sshd[619] connection from "10.0.0.3"

roto-router Jul 23 04:54:32 sshd[23948] User bswopes's local password accepted.

roto-router Jul 23 04:54:32 sshd[23948] Password authentication for user bswopes accepted.

roto-router Jul 23 04:54:32 sshd[23948] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 23 05:02:55 sshd[23948] Remote host disconnected: Connection closed.

roto-router Jul 23 05:02:55 sshd[23948] connection lost: 'Connection closed.'

roto-router Jul 23 14:54:06 ftpd[24422] FTP LOGIN FROM hume.the-well.lan [10.0.0.3], bswopes

roto-router Jul 23 14:54:11 ftpd[24422] FTP session closed

roto-router Jul 24 18:06:56 sshd[20125] Remote host disconnected: Connection closed.

roto-router Jul 24 18:06:56 sshd[20125] connection lost: 'Connection closed.'

roto-router Jul 24 18:07:10 sshd[619] connection from "10.0.0.3"

roto-router Jul 24 18:07:18 sshd[25823] User tailmon's local password accepted.

roto-router Jul 24 18:07:18 sshd[25823] Password authentication for user tailmon accepted.

roto-router Jul 24 18:07:18 sshd[25823] User tailmon, coming from hume.the-well.lan, authenticated.

roto-router Jul 24 20:08:09 sshd[25823] Remote host disconnected: Connection closed.

roto-router Jul 24 20:08:09 sshd[25823] connection lost: 'Connection closed.'

roto-router Jul 25 01:32:15 sshd[619] connection from "209.247.53.208"

roto-router Jul 25 01:33:01 sshd[26215] User paramitaom's local password accepted.

roto-router Jul 25 01:33:01 sshd[26215] Password authentication for user paramitaom accepted.

roto-router Jul 25 01:33:01 sshd[26215] User paramitaom, coming from dialup-209.247.53.208.SanFrancisco1.Level3.net, authenticated.

roto-router Jul 25 01:34:13 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 01:34:20 sshd[26231] User tailmon's local password accepted.

roto-router Jul 25 01:34:20 sshd[26231] Password authentication for user tailmon accepted.

roto-router Jul 25 01:34:20 sshd[26231] User tailmon, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 01:37:24 sshd[26215] Remote host disconnected: Connection closed.

roto-router Jul 25 01:37:24 sshd[26215] connection lost: 'Connection closed.'

roto-router Jul 25 02:21:29 sshd[619] connection from "10.0.0.2"

roto-router Jul 25 02:22:02 sshd[26288] User bswopes's local password accepted.

roto-router Jul 25 02:22:02 sshd[26288] Password authentication for user bswopes accepted.

roto-router Jul 25 02:22:02 sshd[26288] User bswopes, coming from shiva.the-well.lan, authenticated.

roto-router Jul 25 02:22:10 PAM_pwdb[26304] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 02:22:55 PAM_pwdb[26304] (su) session closed for user root

roto-router Jul 25 02:22:56 sshd[26288] Remote host disconnected: Connection closed.

roto-router Jul 25 02:22:56 sshd[26288] connection lost: 'Connection closed.'

roto-router Jul 25 02:28:44 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 02:28:54 sshd[26342] User bswopes's local password accepted.

roto-router Jul 25 02:28:54 sshd[26342] Password authentication for user bswopes accepted.

roto-router Jul 25 02:28:54 sshd[26342] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 02:29:47 PAM_pwdb[26367] authentication failure; bswopes(uid=500) -> root for su service

roto-router Jul 25 02:29:54 PAM_pwdb[26369] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 02:31:24 PAM_pwdb[26369] (su) session closed for user root

roto-router Jul 25 02:31:25 sshd[26342] Remote host disconnected: Connection closed.

roto-router Jul 25 02:31:25 sshd[26342] connection lost: 'Connection closed.'

roto-router Jul 25 03:05:13 ftpd[26428] failed login from shiva.the-well.lan [10.0.0.2]

roto-router Jul 25 03:05:18 ftpd[26428] FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes

roto-router Jul 25 03:05:43 ftpd[26428] FTP session closed

roto-router Jul 25 03:13:51 sshd[619] connection from "10.0.0.2"

roto-router Jul 25 03:14:02 sshd[26442] User bswopes's local password accepted.

roto-router Jul 25 03:14:02 sshd[26442] Password authentication for user bswopes accepted.

roto-router Jul 25 03:14:02 sshd[26442] User bswopes, coming from shiva.the-well.lan, authenticated.

roto-router Jul 25 03:14:17 sshd[26442] Remote host disconnected: Connection closed.

roto-router Jul 25 03:14:17 sshd[26442] connection lost: 'Connection closed.'

roto-router Jul 25 03:16:42 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 03:16:52 sshd[26462] User bswopes's local password accepted.

roto-router Jul 25 03:16:52 sshd[26462] Password authentication for user bswopes accepted.

roto-router Jul 25 03:16:52 sshd[26462] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 04:19:12 PAM_pwdb[26696] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 04:27:31 PAM_pwdb[26696] (su) session closed for user root

roto-router Jul 25 04:27:32 sshd[26462] Remote host disconnected: Connection closed.

roto-router Jul 25 04:27:32 sshd[26462] connection lost: 'Connection closed.'

roto-router Jul 25 04:43:47 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 04:43:59 sshd[26769] User bswopes's local password accepted.

roto-router Jul 25 04:43:59 sshd[26769] Password authentication for user bswopes accepted.

roto-router Jul 25 04:43:59 sshd[26769] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 05:06:47 sshd[26769] Remote host disconnected: Connection closed.

roto-router Jul 25 05:06:47 sshd[26769] connection lost: 'Connection closed.'

roto-router Jul 25 12:10:23 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 12:10:33 sshd[27132] User bswopes's local password accepted.

roto-router Jul 25 12:10:33 sshd[27132] Password authentication for user bswopes accepted.

roto-router Jul 25 12:10:33 sshd[27132] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 12:11:11 sshd[27132] Remote host disconnected: Connection closed.

roto-router Jul 25 12:11:11 sshd[27132] connection lost: 'Connection closed.'

roto-router Jul 25 13:01:53 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 13:02:04 sshd[27204] User bswopes's local password accepted.

roto-router Jul 25 13:02:04 sshd[27204] Password authentication for user bswopes accepted.

roto-router Jul 25 13:02:04 sshd[27204] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 14:56:34 ftpd[27378] FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes

roto-router Jul 25 14:56:53 ftpd[27378] FTP session closed

roto-router Jul 25 15:09:55 PAM_pwdb[27397] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 15:10:19 PAM_pwdb[27397] (su) session closed for user root

roto-router Jul 25 15:13:07 PAM_pwdb[27438] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 15:13:41 PAM_pwdb[27438] (su) session closed for user root

roto-router Jul 25 15:16:02 PAM_pwdb[27465] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 15:16:10 named[27483] starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named

roto-router Jul 25 15:16:10 named[27483] /etc/named.conf:13: can't redefine channel 'default_syslog'

roto-router Jul 25 15:17:36 named[27498] starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named

roto-router Jul 25 15:17:36 named[27498] /etc/named.conf:13: can't redefine channel 'default_syslog'

roto-router Jul 25 15:18:23 named[27508] starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named

roto-router Jul 25 15:18:23 named[27508] /etc/named.conf:13: can't redefine channel 'default_syslog'

roto-router Jul 25 15:18:39 PAM_pwdb[27465] (su) session closed for user root

roto-router Jul 25 18:30:57 sshd[27204] Remote host disconnected: Connection closed.

roto-router Jul 25 18:30:57 sshd[27204] connection lost: 'Connection closed.'

roto-router Jul 25 19:29:34 ftpd[27803] FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes

roto-router Jul 25 19:29:50 ftpd[27803] FTP session closed

roto-router Jul 25 19:35:02 ftpd[27813] FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes

roto-router Jul 25 19:35:12 ftpd[27813] FTP session closed

roto-router Jul 25 19:38:03 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 19:38:23 sshd[27817] User bswopes's local password accepted.

roto-router Jul 25 19:38:23 sshd[27817] Password authentication for user bswopes accepted.

roto-router Jul 25 19:38:23 sshd[27817] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 19:53:02 PAM_pwdb[27849] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 19:57:06 ftpd[27870] FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes

roto-router Jul 25 19:57:46 ftpd[27870] FTP session closed

roto-router Jul 25 20:02:14 PAM_pwdb[27849] (su) session closed for user root

roto-router Jul 25 20:27:19 ftpd[27962] FTP session closed

roto-router Jul 25 20:27:19 sshd[619] connection from "10.0.0.2"

roto-router Jul 25 20:27:20 sshd[27965] Remote host disconnected: Connection closed by remote host.

roto-router Jul 25 20:27:21 sshd[27965] connection lost: 'Connection closed by remote host.'

roto-router Jul 25 21:53:35 PAM_pwdb[28061] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 25 21:54:02 PAM_pwdb[28061] (su) session closed for user root

roto-router Jul 25 21:54:07 sshd[27817] Remote host disconnected: Connection closed.

roto-router Jul 25 21:54:07 sshd[27817] connection lost: 'Connection closed.'

roto-router Jul 25 22:21:23 sshd[619] connection from "10.0.0.2"

roto-router Jul 25 22:21:41 sshd[28110] User bswopes's local password accepted.

roto-router Jul 25 22:21:41 sshd[28110] Password authentication for user bswopes accepted.

roto-router Jul 25 22:21:41 sshd[28110] User bswopes, coming from shiva.the-well.lan, authenticated.

roto-router Jul 25 22:22:03 sshd[28110] Remote host disconnected: Connection closed.

roto-router Jul 25 22:22:03 sshd[28110] connection lost: 'Connection closed.'

roto-router Jul 25 22:40:06 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 22:40:17 sshd[28145] User bswopes's local password accepted.

roto-router Jul 25 22:40:17 sshd[28145] Password authentication for user bswopes accepted.

roto-router Jul 25 22:40:17 sshd[28145] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 25 22:40:27 sshd[28145] Remote host disconnected: Connection closed.

roto-router Jul 25 22:40:27 sshd[28145] connection lost: 'Connection closed.'

roto-router Jul 25 22:44:25 sshd[619] connection from "10.0.0.3"

roto-router Jul 25 22:44:36 sshd[28171] Remote host disconnected: Unable to authenticate using any of the configured authentication methods

roto-router Jul 25 22:44:36 sshd[28171] disconnected by application: 'Unable to authenticate using any of the configured authentication methods'

roto-router Jul 26 14:04:09 sshd[26231] Remote host disconnected: Connection closed.

roto-router Jul 26 14:04:09 sshd[26231] connection lost: 'Connection closed.'

roto-router Jul 26 14:25:42 sshd[619] connection from "10.0.0.3"

roto-router Jul 26 14:25:50 sshd[29119] User tailmon's local password accepted.

roto-router Jul 26 14:25:50 sshd[29119] Password authentication for user tailmon accepted.

roto-router Jul 26 14:25:50 sshd[29119] User tailmon, coming from hume.the-well.lan, authenticated.

roto-router Jul 26 22:25:02 sshd[619] connection from "10.0.0.5"

roto-router Jul 26 22:25:03 sshd[29505] DNS lookup failed for "10.0.0.5".

roto-router Jul 26 22:25:08 sshd[619] connection from "10.0.0.3"

roto-router Jul 26 22:25:17 sshd[29505] Connection from 10.0.0.5 denied. Authentication as user james was attempted.

roto-router Jul 26 22:25:17 sshd[29505] Remote host disconnected: No further authentication methods available.

roto-router Jul 26 22:25:17 sshd[29505] disconnected by application: 'No further authentication methods available.'

roto-router Jul 26 22:25:24 sshd[619] connection from "10.0.0.5"

roto-router Jul 26 22:25:24 sshd[29513] DNS lookup failed for "10.0.0.5".

roto-router Jul 26 22:25:29 sshd[29508] User bswopes's local password accepted.

roto-router Jul 26 22:25:29 sshd[29508] Password authentication for user bswopes accepted.

roto-router Jul 26 22:25:29 sshd[29508] User bswopes, coming from hume.the-well.lan, authenticated.

roto-router Jul 26 22:25:34 sshd[29513] Connection from 10.0.0.5 denied. Authentication as user james was attempted.

roto-router Jul 26 22:25:34 sshd[29513] Remote host disconnected: No further authentication methods available.

roto-router Jul 26 22:25:34 sshd[29513] disconnected by application: 'No further authentication methods available.'

roto-router Jul 26 22:25:50 sshd[619] connection from "10.0.0.5"

roto-router Jul 26 22:25:50 sshd[29533] DNS lookup failed for "10.0.0.5".

roto-router Jul 26 22:25:58 sshd[29533] Connection from 10.0.0.5 denied. Authentication as user james was attempted.

roto-router Jul 26 22:25:58 sshd[29533] Remote host disconnected: No further authentication methods available.

roto-router Jul 26 22:25:58 sshd[29533] disconnected by application: 'No further authentication methods available.'

roto-router Jul 26 22:26:32 sshd[619] connection from "10.0.0.5"

roto-router Jul 26 22:26:33 sshd[29539] DNS lookup failed for "10.0.0.5".

roto-router Jul 26 22:26:40 sshd[29539] Connection from 10.0.0.5 denied. Authentication as user bswopes was attempted.

roto-router Jul 26 22:26:40 sshd[29539] Remote host disconnected: No further authentication methods available.

roto-router Jul 26 22:26:40 sshd[29539] disconnected by application: 'No further authentication methods available.'

roto-router Jul 26 22:34:43 PAM_pwdb[29592] authentication failure; bswopes(uid=500) -> root for su service

roto-router Jul 26 22:34:52 PAM_pwdb[29594] (su) session opened for user root by bswopes(uid=500)

roto-router Jul 26 22:37:45 PAM_pwdb[29594] (su) session closed for user root

roto-router Jul 26 22:37:48 sshd[29508] Remote host disconnected: Connection closed.

roto-router Jul 26 22:37:48 sshd[29508] connection lost: 'Connection closed.'

roto-router Jul 26 23:08:58 sshd[619] connection from "10.0.0.3"

roto-router Jul 26 23:08:58 sshd[29119] Remote host disconnected: Connection closed.

roto-router Jul 26 23:08:58 sshd[29119] connection lost: 'Connection closed.'

roto-router Jul 26 23:09:06 sshd[29650] User tailmon's local password accepted.

roto-router Jul 26 23:09:06 sshd[29650] Password authentication for user tailmon accepted.

roto-router Jul 26 23:09:06 sshd[29650] User tailmon, coming from hume.the-well.lan, authenticated.

roto-router Jul 29 11:10:45 portsentry[7083] attackalert: SYN/Normal scan from host: 211.169.82.130/211.169.82.130 to TCP port: 98

roto-router Jul 29 11:10:45 portsentry[7083] attackalert: Host 211.169.82.130 has been blocked via wrappers with string: "ALL: 211.169.82.130"

roto-router Jul 29 11:10:45 portsentry[7083] attackalert: Host 211.169.82.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 211.169.82.130 -j DENY -l"

Server	Date	Service	Message
bhodisoft.com Sent:	From: root@mail	Sunday, July 30, 20	3:10 AM
odisoft.com Subject:	To: [email protected]	Contents of message	1
	Jul 23 04:02:0	roto-router syslogd	.3-3: restart.
roto-router	Jul 23 04:02:02	syslogd 1.3-3	restart.
roto-router	Jul 23 04:02:03	syslogd 1.3-3	restart.
roto-router	Jul 23 04:02:03	syslogd 1.3-3	restart.
roto-router	Jul 23 04:02:04	syslogd 1.3-3	restart.
roto-router	Jul 23 04:54:21	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 23 04:54:32	sshd[23948]	User bswopes's local password accepted.
roto-router	Jul 23 04:54:32	sshd[23948]	Password authentication for user bswopes accepted.
roto-router	Jul 23 04:54:32	sshd[23948]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 23 05:02:55	sshd[23948]	Remote host disconnected: Connection closed.
roto-router	Jul 23 05:02:55	sshd[23948]	connection lost: 'Connection closed.'
roto-router	Jul 23 14:54:06	ftpd[24422]	FTP LOGIN FROM hume.the-well.lan [10.0.0.3], bswopes
roto-router	Jul 23 14:54:11	ftpd[24422]	FTP session closed
roto-router	Jul 24 18:06:56	sshd[20125]	Remote host disconnected: Connection closed.
roto-router	Jul 24 18:06:56	sshd[20125]	connection lost: 'Connection closed.'
roto-router	Jul 24 18:07:10	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 24 18:07:18	sshd[25823]	User tailmon's local password accepted.
roto-router	Jul 24 18:07:18	sshd[25823]	Password authentication for user tailmon accepted.
roto-router	Jul 24 18:07:18	sshd[25823]	User tailmon, coming from hume.the-well.lan, authenticated.
roto-router	Jul 24 20:08:09	sshd[25823]	Remote host disconnected: Connection closed.
roto-router	Jul 24 20:08:09	sshd[25823]	connection lost: 'Connection closed.'
roto-router	Jul 25 01:32:15	sshd[619]	connection from "209.247.53.208"
roto-router	Jul 25 01:33:01	sshd[26215]	User paramitaom's local password accepted.
roto-router	Jul 25 01:33:01	sshd[26215]	Password authentication for user paramitaom accepted.
roto-router	Jul 25 01:33:01	sshd[26215]	User paramitaom, coming from dialup-209.247.53.208.SanFrancisco1.Level3.net, authenticated.
roto-router	Jul 25 01:34:13	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 01:34:20	sshd[26231]	User tailmon's local password accepted.
roto-router	Jul 25 01:34:20	sshd[26231]	Password authentication for user tailmon accepted.
roto-router	Jul 25 01:34:20	sshd[26231]	User tailmon, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 01:37:24	sshd[26215]	Remote host disconnected: Connection closed.
roto-router	Jul 25 01:37:24	sshd[26215]	connection lost: 'Connection closed.'
roto-router	Jul 25 02:21:29	sshd[619]	connection from "10.0.0.2"
roto-router	Jul 25 02:22:02	sshd[26288]	User bswopes's local password accepted.
roto-router	Jul 25 02:22:02	sshd[26288]	Password authentication for user bswopes accepted.
roto-router	Jul 25 02:22:02	sshd[26288]	User bswopes, coming from shiva.the-well.lan, authenticated.
roto-router	Jul 25 02:22:10	PAM_pwdb[26304]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 02:22:55	PAM_pwdb[26304]	(su) session closed for user root
roto-router	Jul 25 02:22:56	sshd[26288]	Remote host disconnected: Connection closed.
roto-router	Jul 25 02:22:56	sshd[26288]	connection lost: 'Connection closed.'
roto-router	Jul 25 02:28:44	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 02:28:54	sshd[26342]	User bswopes's local password accepted.
roto-router	Jul 25 02:28:54	sshd[26342]	Password authentication for user bswopes accepted.
roto-router	Jul 25 02:28:54	sshd[26342]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 02:29:47	PAM_pwdb[26367]	authentication failure; bswopes(uid=500) -> root for su service
roto-router	Jul 25 02:29:54	PAM_pwdb[26369]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 02:31:24	PAM_pwdb[26369]	(su) session closed for user root
roto-router	Jul 25 02:31:25	sshd[26342]	Remote host disconnected: Connection closed.
roto-router	Jul 25 02:31:25	sshd[26342]	connection lost: 'Connection closed.'
roto-router	Jul 25 03:05:13	ftpd[26428]	failed login from shiva.the-well.lan [10.0.0.2]
roto-router	Jul 25 03:05:18	ftpd[26428]	FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
roto-router	Jul 25 03:05:43	ftpd[26428]	FTP session closed
roto-router	Jul 25 03:13:51	sshd[619]	connection from "10.0.0.2"
roto-router	Jul 25 03:14:02	sshd[26442]	User bswopes's local password accepted.
roto-router	Jul 25 03:14:02	sshd[26442]	Password authentication for user bswopes accepted.
roto-router	Jul 25 03:14:02	sshd[26442]	User bswopes, coming from shiva.the-well.lan, authenticated.
roto-router	Jul 25 03:14:17	sshd[26442]	Remote host disconnected: Connection closed.
roto-router	Jul 25 03:14:17	sshd[26442]	connection lost: 'Connection closed.'
roto-router	Jul 25 03:16:42	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 03:16:52	sshd[26462]	User bswopes's local password accepted.
roto-router	Jul 25 03:16:52	sshd[26462]	Password authentication for user bswopes accepted.
roto-router	Jul 25 03:16:52	sshd[26462]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 04:19:12	PAM_pwdb[26696]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 04:27:31	PAM_pwdb[26696]	(su) session closed for user root
roto-router	Jul 25 04:27:32	sshd[26462]	Remote host disconnected: Connection closed.
roto-router	Jul 25 04:27:32	sshd[26462]	connection lost: 'Connection closed.'
roto-router	Jul 25 04:43:47	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 04:43:59	sshd[26769]	User bswopes's local password accepted.
roto-router	Jul 25 04:43:59	sshd[26769]	Password authentication for user bswopes accepted.
roto-router	Jul 25 04:43:59	sshd[26769]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 05:06:47	sshd[26769]	Remote host disconnected: Connection closed.
roto-router	Jul 25 05:06:47	sshd[26769]	connection lost: 'Connection closed.'
roto-router	Jul 25 12:10:23	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 12:10:33	sshd[27132]	User bswopes's local password accepted.
roto-router	Jul 25 12:10:33	sshd[27132]	Password authentication for user bswopes accepted.
roto-router	Jul 25 12:10:33	sshd[27132]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 12:11:11	sshd[27132]	Remote host disconnected: Connection closed.
roto-router	Jul 25 12:11:11	sshd[27132]	connection lost: 'Connection closed.'
roto-router	Jul 25 13:01:53	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 13:02:04	sshd[27204]	User bswopes's local password accepted.
roto-router	Jul 25 13:02:04	sshd[27204]	Password authentication for user bswopes accepted.
roto-router	Jul 25 13:02:04	sshd[27204]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 14:56:34	ftpd[27378]	FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
roto-router	Jul 25 14:56:53	ftpd[27378]	FTP session closed
roto-router	Jul 25 15:09:55	PAM_pwdb[27397]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 15:10:19	PAM_pwdb[27397]	(su) session closed for user root
roto-router	Jul 25 15:13:07	PAM_pwdb[27438]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 15:13:41	PAM_pwdb[27438]	(su) session closed for user root
roto-router	Jul 25 15:16:02	PAM_pwdb[27465]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 15:16:10	named[27483]	starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
roto-router	Jul 25 15:16:10	named[27483]	/etc/named.conf:13: can't redefine channel 'default_syslog'
roto-router	Jul 25 15:17:36	named[27498]	starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
roto-router	Jul 25 15:17:36	named[27498]	/etc/named.conf:13: can't redefine channel 'default_syslog'
roto-router	Jul 25 15:18:23	named[27508]	starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
roto-router	Jul 25 15:18:23	named[27508]	/etc/named.conf:13: can't redefine channel 'default_syslog'
roto-router	Jul 25 15:18:39	PAM_pwdb[27465]	(su) session closed for user root
roto-router	Jul 25 18:30:57	sshd[27204]	Remote host disconnected: Connection closed.
roto-router	Jul 25 18:30:57	sshd[27204]	connection lost: 'Connection closed.'
roto-router	Jul 25 19:29:34	ftpd[27803]	FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
roto-router	Jul 25 19:29:50	ftpd[27803]	FTP session closed
roto-router	Jul 25 19:35:02	ftpd[27813]	FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
roto-router	Jul 25 19:35:12	ftpd[27813]	FTP session closed
roto-router	Jul 25 19:38:03	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 19:38:23	sshd[27817]	User bswopes's local password accepted.
roto-router	Jul 25 19:38:23	sshd[27817]	Password authentication for user bswopes accepted.
roto-router	Jul 25 19:38:23	sshd[27817]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 19:53:02	PAM_pwdb[27849]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 19:57:06	ftpd[27870]	FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
roto-router	Jul 25 19:57:46	ftpd[27870]	FTP session closed
roto-router	Jul 25 20:02:14	PAM_pwdb[27849]	(su) session closed for user root
roto-router	Jul 25 20:27:19	ftpd[27962]	FTP session closed
roto-router	Jul 25 20:27:19	sshd[619]	connection from "10.0.0.2"
roto-router	Jul 25 20:27:20	sshd[27965]	Remote host disconnected: Connection closed by remote host.
roto-router	Jul 25 20:27:21	sshd[27965]	connection lost: 'Connection closed by remote host.'
roto-router	Jul 25 21:53:35	PAM_pwdb[28061]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 25 21:54:02	PAM_pwdb[28061]	(su) session closed for user root
roto-router	Jul 25 21:54:07	sshd[27817]	Remote host disconnected: Connection closed.
roto-router	Jul 25 21:54:07	sshd[27817]	connection lost: 'Connection closed.'
roto-router	Jul 25 22:21:23	sshd[619]	connection from "10.0.0.2"
roto-router	Jul 25 22:21:41	sshd[28110]	User bswopes's local password accepted.
roto-router	Jul 25 22:21:41	sshd[28110]	Password authentication for user bswopes accepted.
roto-router	Jul 25 22:21:41	sshd[28110]	User bswopes, coming from shiva.the-well.lan, authenticated.
roto-router	Jul 25 22:22:03	sshd[28110]	Remote host disconnected: Connection closed.
roto-router	Jul 25 22:22:03	sshd[28110]	connection lost: 'Connection closed.'
roto-router	Jul 25 22:40:06	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 22:40:17	sshd[28145]	User bswopes's local password accepted.
roto-router	Jul 25 22:40:17	sshd[28145]	Password authentication for user bswopes accepted.
roto-router	Jul 25 22:40:17	sshd[28145]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 25 22:40:27	sshd[28145]	Remote host disconnected: Connection closed.
roto-router	Jul 25 22:40:27	sshd[28145]	connection lost: 'Connection closed.'
roto-router	Jul 25 22:44:25	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 25 22:44:36	sshd[28171]	Remote host disconnected: Unable to authenticate using any of the configured authentication methods
roto-router	Jul 25 22:44:36	sshd[28171]	disconnected by application: 'Unable to authenticate using any of the configured authentication methods'
roto-router	Jul 26 14:04:09	sshd[26231]	Remote host disconnected: Connection closed.
roto-router	Jul 26 14:04:09	sshd[26231]	connection lost: 'Connection closed.'
roto-router	Jul 26 14:25:42	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 26 14:25:50	sshd[29119]	User tailmon's local password accepted.
roto-router	Jul 26 14:25:50	sshd[29119]	Password authentication for user tailmon accepted.
roto-router	Jul 26 14:25:50	sshd[29119]	User tailmon, coming from hume.the-well.lan, authenticated.
roto-router	Jul 26 22:25:02	sshd[619]	connection from "10.0.0.5"
roto-router	Jul 26 22:25:03	sshd[29505]	DNS lookup failed for "10.0.0.5".
roto-router	Jul 26 22:25:08	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 26 22:25:17	sshd[29505]	Connection from 10.0.0.5 denied. Authentication as user james was attempted.
roto-router	Jul 26 22:25:17	sshd[29505]	Remote host disconnected: No further authentication methods available.
roto-router	Jul 26 22:25:17	sshd[29505]	disconnected by application: 'No further authentication methods available.'
roto-router	Jul 26 22:25:24	sshd[619]	connection from "10.0.0.5"
roto-router	Jul 26 22:25:24	sshd[29513]	DNS lookup failed for "10.0.0.5".
roto-router	Jul 26 22:25:29	sshd[29508]	User bswopes's local password accepted.
roto-router	Jul 26 22:25:29	sshd[29508]	Password authentication for user bswopes accepted.
roto-router	Jul 26 22:25:29	sshd[29508]	User bswopes, coming from hume.the-well.lan, authenticated.
roto-router	Jul 26 22:25:34	sshd[29513]	Connection from 10.0.0.5 denied. Authentication as user james was attempted.
roto-router	Jul 26 22:25:34	sshd[29513]	Remote host disconnected: No further authentication methods available.
roto-router	Jul 26 22:25:34	sshd[29513]	disconnected by application: 'No further authentication methods available.'
roto-router	Jul 26 22:25:50	sshd[619]	connection from "10.0.0.5"
roto-router	Jul 26 22:25:50	sshd[29533]	DNS lookup failed for "10.0.0.5".
roto-router	Jul 26 22:25:58	sshd[29533]	Connection from 10.0.0.5 denied. Authentication as user james was attempted.
roto-router	Jul 26 22:25:58	sshd[29533]	Remote host disconnected: No further authentication methods available.
roto-router	Jul 26 22:25:58	sshd[29533]	disconnected by application: 'No further authentication methods available.'
roto-router	Jul 26 22:26:32	sshd[619]	connection from "10.0.0.5"
roto-router	Jul 26 22:26:33	sshd[29539]	DNS lookup failed for "10.0.0.5".
roto-router	Jul 26 22:26:40	sshd[29539]	Connection from 10.0.0.5 denied. Authentication as user bswopes was attempted.
roto-router	Jul 26 22:26:40	sshd[29539]	Remote host disconnected: No further authentication methods available.
roto-router	Jul 26 22:26:40	sshd[29539]	disconnected by application: 'No further authentication methods available.'
roto-router	Jul 26 22:34:43	PAM_pwdb[29592]	authentication failure; bswopes(uid=500) -> root for su service
roto-router	Jul 26 22:34:52	PAM_pwdb[29594]	(su) session opened for user root by bswopes(uid=500)
roto-router	Jul 26 22:37:45	PAM_pwdb[29594]	(su) session closed for user root
roto-router	Jul 26 22:37:48	sshd[29508]	Remote host disconnected: Connection closed.
roto-router	Jul 26 22:37:48	sshd[29508]	connection lost: 'Connection closed.'
roto-router	Jul 26 23:08:58	sshd[619]	connection from "10.0.0.3"
roto-router	Jul 26 23:08:58	sshd[29119]	Remote host disconnected: Connection closed.
roto-router	Jul 26 23:08:58	sshd[29119]	connection lost: 'Connection closed.'
roto-router	Jul 26 23:09:06	sshd[29650]	User tailmon's local password accepted.
roto-router	Jul 26 23:09:06	sshd[29650]	Password authentication for user tailmon accepted.
roto-router	Jul 26 23:09:06	sshd[29650]	User tailmon, coming from hume.the-well.lan, authenticated.
roto-router	Jul 29 11:10:45	portsentry[7083]	attackalert: SYN/Normal scan from host: 211.169.82.130/211.169.82.130 to TCP port: 98
roto-router	Jul 29 11:10:45	portsentry[7083]	attackalert: Host 211.169.82.130 has been blocked via wrappers with string: "ALL: 211.169.82.130"
roto-router	Jul 29 11:10:45	portsentry[7083]	attackalert: Host 211.169.82.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 211.169.82.130 -j DENY -l"