That's certainly a good question, and now it makes sense. It was NOT an intrusion. The reason I was sure this was not valid is that I was at church... Now I remember I was working from my laptop from the church network connection before services. This was just me, and the unfamiliar address was my church's modem. What's that saying... Just because they really are out to get you doesn't mean you aren't paranoid. I'm definitely paranoid. :-) Thanks for the help. Bill On Sun, Dec 16, 2012 at 12:16:50PM -0500, Theo Van Dinter wrote:
Date: Sun, 16 Dec 2012 12:16:50 -0500 From: Theo Van Dinter <felicity@kluge.net> To: Worcester Linux Users Group <wlug@mail.wlug.org> Cc: Worcester Linux Users Group <wlug@wlug.org> Subject: Re: [Wlug] Possible intrusion? Reply-To: Worcester Linux Users Group <wlug@mail.wlug.org> Precedence: list
I'm not sure why you're looking up a 172 IP address. The output is a host name not an IP.* c-24-91-141-173.hsd1.ma.comcast. net.* Is this your cable modem?
On Dec 16, 2012 12:09 PM, "Bill Mills-Curran" <bill@mills-curran.net> wrote:
I was looking at the output of "last" recently and found several entries like this on my home server:
userxx *pts/0 * * * *c-24-91-141-172. Sun Dec *2 14:57 - 15:09 (00:11)
(userxx represents my username)
I did a reverse lookup on 172.141.92.24:
host 172.141.92.24 24.92.141.172.in-addr.arpa domain name pointer AC8D5C18.ipt.aol.com.
Looks like something from AOL.
I got a little freaked, so I changed my password and also blocked that IP in /etc/hosts.deny.
I'm not an aol user, but my wife is... *but the "last" output shows this as connecting with my username.
Any ideas?
Thanks, Bill _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug