Strange connections on login.
Wizard
wizard at neonedge.com
Tue Jan 21 08:00:24 EST 2003
It comes up as Jackson State University in an ARIN whois lookup:
http://ws.arin.net/cgi-bin/whois.pl?queryinput=143.132.4.8
Grant M.
> -----Original Message-----
> From: discuss-admin at blu.org [mailto:discuss-admin at blu.org]On Behalf Of
> David Lapointe
> Sent: Tuesday, January 21, 2003 7:52 AM
> To: Boston LUG
> Subject: Strange connections on login.
>
>
> On the alt.os.linux.mandrake list mr e reported strange results from his
> computer and asked if others had similar results.
>
> Running 'last -aidx' I get the same results that he did, i.e. a connection
> to 143.132.4.8 on login.
>
> david pts/0 Tue Jan 14 07:27 still logged in 0.0.0.0
> david :0 Tue Jan 14 07:26 gone - no logout 143.132.4.8
> runlevel (to lvl 5) Tue Jan 14 07:24 - 08:04 (00:40) 0.0.0.0
> reboot system boot Tue Jan 14 07:24 (00:40) 0.0.0.0
> shutdown system down Tue Jan 14 06:51 - 08:04 (01:13) 0.0.0.0
> runlevel (to lvl 6) Tue Jan 14 06:51 - 06:51 (00:00) 0.0.0.0
> david pts/0 Tue Jan 14 05:35 - down (01:15) 0.0.0.0
> david :0 Tue Jan 14 05:34 - down (01:16) 143.132.4.8
> runlevel (to lvl 5) Tue Jan 14 05:29 - 06:51 (01:21) 0.0.0.0
> reboot system boot Tue Jan 14 05:29 (01:21) 0.0.0.0
> shutdown system down Mon Jan 13 07:38 - 06:51 (23:13) 0.0.0.0
> runlevel (to lvl 0) Mon Jan 13 07:37 - 07:38 (00:00) 0.0.0.0
> david pts/0 Mon Jan 13 06:04 - down (01:33) 0.0.0.0
> david :0 Mon Jan 13 06:03 - down (01:33) 143.132.4.8
> runlevel (to lvl 5) Mon Jan 13 06:02 - 07:37 (01:34) 0.0.0.0
> reboot system boot Mon Jan 13 06:02 (01:34) 0.0.0.0
>
> I have two computers that show this behavior and two that don't. The two
> that do are dual-boot (Linux/W2K) and I use the NT Bootloader on both
> computers.
>
> Here's the strange part. I did a fresh install of Mandrake 9.0 on my laptop,
> which showed the above log before the new install, with no network
> connection. Using the freshly made bootdisk, I did not get this :0 line
> in the 'last -aidx' output. However, when I set up the NTBootloader to boot
> into Linux, this line came back but to a different location which resolved to
> a Genuity address (8.27.1.64) using arin whois. 143.132.4.8 apparently
> traceroutes to an ARMY.MIL site. Interestingly, rebooting with the floppy
> bootdisk now shows this line. 'who' also shows the :0 session, which I have
> not seen before.
>
> I am really curious what is doing this. I keep my virus protection current
> in W2K but maybe it's not a virus. Who knows, maybe M$ has pushed code into
> their bootloader to check for Linux. I might try going back to putting LILO
> in the MBR.
>
> Any clues?
>
> --
> .david
> David Lapointe
> "A mind stretched to a new idea never returns to its original dimensions"
> Oliver Wendell Holmes
>