From: root@mail.bhodisoft.com
Sent: Sunday, July 30, 2000 3:10 AM
To: root@mail.bhodisoft.com
Subject: Contents of messages.1

Jul 23 04:02:01 roto-router syslogd 1.3-3: restart.
Jul 23 04:02:02 roto-router syslogd 1.3-3: restart.
Jul 23 04:02:03 roto-router syslogd 1.3-3: restart.
Jul 23 04:02:03 roto-router syslogd 1.3-3: restart.
Jul 23 04:02:04 roto-router syslogd 1.3-3: restart.
Jul 23 04:54:21 roto-router sshd[619]: connection from "10.0.0.3"
Jul 23 04:54:32 roto-router sshd[23948]: User bswopes's local password accepted.
Jul 23 04:54:32 roto-router sshd[23948]: Password authentication for user bswopes accepted.
Jul 23 04:54:32 roto-router sshd[23948]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 23 05:02:55 roto-router sshd[23948]: Remote host disconnected: Connection closed.
Jul 23 05:02:55 roto-router sshd[23948]: connection lost: 'Connection closed.'
Jul 23 14:54:06 roto-router ftpd[24422]: FTP LOGIN FROM hume.the-well.lan [10.0.0.3], bswopes
Jul 23 14:54:11 roto-router ftpd[24422]: FTP session closed
Jul 24 18:06:56 roto-router sshd[20125]: Remote host disconnected: Connection closed.
Jul 24 18:06:56 roto-router sshd[20125]: connection lost: 'Connection closed.'
Jul 24 18:07:10 roto-router sshd[619]: connection from "10.0.0.3"
Jul 24 18:07:18 roto-router sshd[25823]: User tailmon's local password accepted.
Jul 24 18:07:18 roto-router sshd[25823]: Password authentication for user tailmon accepted.
Jul 24 18:07:18 roto-router sshd[25823]: User tailmon, coming from hume.the-well.lan, authenticated.
Jul 24 20:08:09 roto-router sshd[25823]: Remote host disconnected: Connection closed.
Jul 24 20:08:09 roto-router sshd[25823]: connection lost: 'Connection closed.'
Jul 25 01:32:15 roto-router sshd[619]: connection from "209.247.53.208"
Jul 25 01:33:01 roto-router sshd[26215]: User paramitaom's local password accepted.
Jul 25 01:33:01 roto-router sshd[26215]: Password authentication for user paramitaom accepted.
Jul 25 01:33:01 roto-router sshd[26215]: User paramitaom, coming from dialup-209.247.53.208.SanFrancisco1.Level3.net, authenticated.
Jul 25 01:34:13 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 01:34:20 roto-router sshd[26231]: User tailmon's local password accepted.
Jul 25 01:34:20 roto-router sshd[26231]: Password authentication for user tailmon accepted.
Jul 25 01:34:20 roto-router sshd[26231]: User tailmon, coming from hume.the-well.lan, authenticated.
Jul 25 01:37:24 roto-router sshd[26215]: Remote host disconnected: Connection closed.
Jul 25 01:37:24 roto-router sshd[26215]: connection lost: 'Connection closed.'
Jul 25 02:21:29 roto-router sshd[619]: connection from "10.0.0.2"
Jul 25 02:22:02 roto-router sshd[26288]: User bswopes's local password accepted.
Jul 25 02:22:02 roto-router sshd[26288]: Password authentication for user bswopes accepted.
Jul 25 02:22:02 roto-router sshd[26288]: User bswopes, coming from shiva.the-well.lan, authenticated.
Jul 25 02:22:10 roto-router PAM_pwdb[26304]: (su) session opened for user root by bswopes(uid=500)
Jul 25 02:22:55 roto-router PAM_pwdb[26304]: (su) session closed for user root
Jul 25 02:22:56 roto-router sshd[26288]: Remote host disconnected: Connection closed.
Jul 25 02:22:56 roto-router sshd[26288]: connection lost: 'Connection closed.'
Jul 25 02:28:44 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 02:28:54 roto-router sshd[26342]: User bswopes's local password accepted.
Jul 25 02:28:54 roto-router sshd[26342]: Password authentication for user bswopes accepted.
Jul 25 02:28:54 roto-router sshd[26342]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 02:29:47 roto-router PAM_pwdb[26367]: authentication failure; bswopes(uid=500) -> root for su service
Jul 25 02:29:54 roto-router PAM_pwdb[26369]: (su) session opened for user root by bswopes(uid=500)
Jul 25 02:31:24 roto-router PAM_pwdb[26369]: (su) session closed for user root
Jul 25 02:31:25 roto-router sshd[26342]: Remote host disconnected: Connection closed.
Jul 25 02:31:25 roto-router sshd[26342]: connection lost: 'Connection closed.'
Jul 25 03:05:13 roto-router ftpd[26428]: failed login from shiva.the-well.lan [10.0.0.2]
Jul 25 03:05:18 roto-router ftpd[26428]: FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
Jul 25 03:05:43 roto-router ftpd[26428]: FTP session closed
Jul 25 03:13:51 roto-router sshd[619]: connection from "10.0.0.2"
Jul 25 03:14:02 roto-router sshd[26442]: User bswopes's local password accepted.
Jul 25 03:14:02 roto-router sshd[26442]: Password authentication for user bswopes accepted.
Jul 25 03:14:02 roto-router sshd[26442]: User bswopes, coming from shiva.the-well.lan, authenticated.
Jul 25 03:14:17 roto-router sshd[26442]: Remote host disconnected: Connection closed.
Jul 25 03:14:17 roto-router sshd[26442]: connection lost: 'Connection closed.'
Jul 25 03:16:42 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 03:16:52 roto-router sshd[26462]: User bswopes's local password accepted.
Jul 25 03:16:52 roto-router sshd[26462]: Password authentication for user bswopes accepted.
Jul 25 03:16:52 roto-router sshd[26462]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 04:19:12 roto-router PAM_pwdb[26696]: (su) session opened for user root by bswopes(uid=500)
Jul 25 04:27:31 roto-router PAM_pwdb[26696]: (su) session closed for user root
Jul 25 04:27:32 roto-router sshd[26462]: Remote host disconnected: Connection closed.
Jul 25 04:27:32 roto-router sshd[26462]: connection lost: 'Connection closed.'
Jul 25 04:43:47 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 04:43:59 roto-router sshd[26769]: User bswopes's local password accepted.
Jul 25 04:43:59 roto-router sshd[26769]: Password authentication for user bswopes accepted.
Jul 25 04:43:59 roto-router sshd[26769]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 05:06:47 roto-router sshd[26769]: Remote host disconnected: Connection closed.
Jul 25 05:06:47 roto-router sshd[26769]: connection lost: 'Connection closed.'
Jul 25 12:10:23 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 12:10:33 roto-router sshd[27132]: User bswopes's local password accepted.
Jul 25 12:10:33 roto-router sshd[27132]: Password authentication for user bswopes accepted.
Jul 25 12:10:33 roto-router sshd[27132]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 12:11:11 roto-router sshd[27132]: Remote host disconnected: Connection closed.
Jul 25 12:11:11 roto-router sshd[27132]: connection lost: 'Connection closed.'
Jul 25 13:01:53 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 13:02:04 roto-router sshd[27204]: User bswopes's local password accepted.
Jul 25 13:02:04 roto-router sshd[27204]: Password authentication for user bswopes accepted.
Jul 25 13:02:04 roto-router sshd[27204]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 14:56:34 roto-router ftpd[27378]: FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
Jul 25 14:56:53 roto-router ftpd[27378]: FTP session closed
Jul 25 15:09:55 roto-router PAM_pwdb[27397]: (su) session opened for user root by bswopes(uid=500)
Jul 25 15:10:19 roto-router PAM_pwdb[27397]: (su) session closed for user root
Jul 25 15:13:07 roto-router PAM_pwdb[27438]: (su) session opened for user root by bswopes(uid=500)
Jul 25 15:13:41 roto-router PAM_pwdb[27438]: (su) session closed for user root
Jul 25 15:16:02 roto-router PAM_pwdb[27465]: (su) session opened for user root by bswopes(uid=500)
Jul 25 15:16:10 roto-router named[27483]: starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
Jul 25 15:16:10 roto-router named[27483]: /etc/named.conf:13: can't redefine channel 'default_syslog'
Jul 25 15:17:36 roto-router named[27498]: starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
Jul 25 15:17:36 roto-router named[27498]: /etc/named.conf:13: can't redefine channel 'default_syslog'
Jul 25 15:18:23 roto-router named[27508]: starting. named 8.2.2-P5 Tue Mar 7 02:45:02 PST 2000 ^Iroot@roto-router:/root/tarball/bind/src/bin/named
Jul 25 15:18:23 roto-router named[27508]: /etc/named.conf:13: can't redefine channel 'default_syslog'
Jul 25 15:18:39 roto-router PAM_pwdb[27465]: (su) session closed for user root
Jul 25 18:30:57 roto-router sshd[27204]: Remote host disconnected: Connection closed.
Jul 25 18:30:57 roto-router sshd[27204]: connection lost: 'Connection closed.'
Jul 25 19:29:34 roto-router ftpd[27803]: FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
Jul 25 19:29:50 roto-router ftpd[27803]: FTP session closed
Jul 25 19:35:02 roto-router ftpd[27813]: FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
Jul 25 19:35:12 roto-router ftpd[27813]: FTP session closed
Jul 25 19:38:03 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 19:38:23 roto-router sshd[27817]: User bswopes's local password accepted.
Jul 25 19:38:23 roto-router sshd[27817]: Password authentication for user bswopes accepted.
Jul 25 19:38:23 roto-router sshd[27817]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 19:53:02 roto-router PAM_pwdb[27849]: (su) session opened for user root by bswopes(uid=500)
Jul 25 19:57:06 roto-router ftpd[27870]: FTP LOGIN FROM shiva.the-well.lan [10.0.0.2], bswopes
Jul 25 19:57:46 roto-router ftpd[27870]: FTP session closed
Jul 25 20:02:14 roto-router PAM_pwdb[27849]: (su) session closed for user root
Jul 25 20:27:19 roto-router ftpd[27962]: FTP session closed
Jul 25 20:27:19 roto-router sshd[619]: connection from "10.0.0.2"
Jul 25 20:27:20 roto-router sshd[27965]: Remote host disconnected: Connection closed by remote host.
Jul 25 20:27:21 roto-router sshd[27965]: connection lost: 'Connection closed by remote host.'
Jul 25 21:53:35 roto-router PAM_pwdb[28061]: (su) session opened for user root by bswopes(uid=500)
Jul 25 21:54:02 roto-router PAM_pwdb[28061]: (su) session closed for user root
Jul 25 21:54:07 roto-router sshd[27817]: Remote host disconnected: Connection closed.
Jul 25 21:54:07 roto-router sshd[27817]: connection lost: 'Connection closed.'
Jul 25 22:21:23 roto-router sshd[619]: connection from "10.0.0.2"
Jul 25 22:21:41 roto-router sshd[28110]: User bswopes's local password accepted.
Jul 25 22:21:41 roto-router sshd[28110]: Password authentication for user bswopes accepted.
Jul 25 22:21:41 roto-router sshd[28110]: User bswopes, coming from shiva.the-well.lan, authenticated.
Jul 25 22:22:03 roto-router sshd[28110]: Remote host disconnected: Connection closed.
Jul 25 22:22:03 roto-router sshd[28110]: connection lost: 'Connection closed.'
Jul 25 22:40:06 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 22:40:17 roto-router sshd[28145]: User bswopes's local password accepted.
Jul 25 22:40:17 roto-router sshd[28145]: Password authentication for user bswopes accepted.
Jul 25 22:40:17 roto-router sshd[28145]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 25 22:40:27 roto-router sshd[28145]: Remote host disconnected: Connection closed.
Jul 25 22:40:27 roto-router sshd[28145]: connection lost: 'Connection closed.'
Jul 25 22:44:25 roto-router sshd[619]: connection from "10.0.0.3"
Jul 25 22:44:36 roto-router sshd[28171]: Remote host disconnected: Unable to authenticate using any of the configured authentication methods
Jul 25 22:44:36 roto-router sshd[28171]: disconnected by application: 'Unable to authenticate using any of the configured authentication methods'
Jul 26 14:04:09 roto-router sshd[26231]: Remote host disconnected: Connection closed.
Jul 26 14:04:09 roto-router sshd[26231]: connection lost: 'Connection closed.'
Jul 26 14:25:42 roto-router sshd[619]: connection from "10.0.0.3"
Jul 26 14:25:50 roto-router sshd[29119]: User tailmon's local password accepted.
Jul 26 14:25:50 roto-router sshd[29119]: Password authentication for user tailmon accepted.
Jul 26 14:25:50 roto-router sshd[29119]: User tailmon, coming from hume.the-well.lan, authenticated.
Jul 26 22:25:02 roto-router sshd[619]: connection from "10.0.0.5"
Jul 26 22:25:03 roto-router sshd[29505]: DNS lookup failed for "10.0.0.5".
Jul 26 22:25:08 roto-router sshd[619]: connection from "10.0.0.3"
Jul 26 22:25:17 roto-router sshd[29505]: Connection from 10.0.0.5 denied. Authentication as user james was attempted.
Jul 26 22:25:17 roto-router sshd[29505]: Remote host disconnected: No further authentication methods available.
Jul 26 22:25:17 roto-router sshd[29505]: disconnected by application: 'No further authentication methods available.'
Jul 26 22:25:24 roto-router sshd[619]: connection from "10.0.0.5"
Jul 26 22:25:24 roto-router sshd[29513]: DNS lookup failed for "10.0.0.5".
Jul 26 22:25:29 roto-router sshd[29508]: User bswopes's local password accepted.
Jul 26 22:25:29 roto-router sshd[29508]: Password authentication for user bswopes accepted.
Jul 26 22:25:29 roto-router sshd[29508]: User bswopes, coming from hume.the-well.lan, authenticated.
Jul 26 22:25:34 roto-router sshd[29513]: Connection from 10.0.0.5 denied. Authentication as user james was attempted.
Jul 26 22:25:34 roto-router sshd[29513]: Remote host disconnected: No further authentication methods available.
Jul 26 22:25:34 roto-router sshd[29513]: disconnected by application: 'No further authentication methods available.'
Jul 26 22:25:50 roto-router sshd[619]: connection from "10.0.0.5"
Jul 26 22:25:50 roto-router sshd[29533]: DNS lookup failed for "10.0.0.5".
Jul 26 22:25:58 roto-router sshd[29533]: Connection from 10.0.0.5 denied. Authentication as user james was attempted.
Jul 26 22:25:58 roto-router sshd[29533]: Remote host disconnected: No further authentication methods available.
Jul 26 22:25:58 roto-router sshd[29533]: disconnected by application: 'No further authentication methods available.'
Jul 26 22:26:32 roto-router sshd[619]: connection from "10.0.0.5"
Jul 26 22:26:33 roto-router sshd[29539]: DNS lookup failed for "10.0.0.5".
Jul 26 22:26:40 roto-router sshd[29539]: Connection from 10.0.0.5 denied. Authentication as user bswopes was attempted.
Jul 26 22:26:40 roto-router sshd[29539]: Remote host disconnected: No further authentication methods available.
Jul 26 22:26:40 roto-router sshd[29539]: disconnected by application: 'No further authentication methods available.'
Jul 26 22:34:43 roto-router PAM_pwdb[29592]: authentication failure; bswopes(uid=500) -> root for su service
Jul 26 22:34:52 roto-router PAM_pwdb[29594]: (su) session opened for user root by bswopes(uid=500)
Jul 26 22:37:45 roto-router PAM_pwdb[29594]: (su) session closed for user root
Jul 26 22:37:48 roto-router sshd[29508]: Remote host disconnected: Connection closed.
Jul 26 22:37:48 roto-router sshd[29508]: connection lost: 'Connection closed.'
Jul 26 23:08:58 roto-router sshd[619]: connection from "10.0.0.3"
Jul 26 23:08:58 roto-router sshd[29119]: Remote host disconnected: Connection closed.
Jul 26 23:08:58 roto-router sshd[29119]: connection lost: 'Connection closed.'
Jul 26 23:09:06 roto-router sshd[29650]: User tailmon's local password accepted.
Jul 26 23:09:06 roto-router sshd[29650]: Password authentication for user tailmon accepted.
Jul 26 23:09:06 roto-router sshd[29650]: User tailmon, coming from hume.the-well.lan, authenticated.
Jul 29 11:10:45 roto-router portsentry[7083]: attackalert: SYN/Normal scan from host: 211.169.82.130/211.169.82.130 to TCP port: 98
Jul 29 11:10:45 roto-router portsentry[7083]: attackalert: Host 211.169.82.130 has been blocked via wrappers with string: "ALL: 211.169.82.130"
Jul 29 11:10:45 roto-router portsentry[7083]: attackalert: Host 211.169.82.130 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 211.169.82.130 -j DENY -l"