LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-28-2002, 04:11 PM   #1
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,682
Blog Entries: 9

Rep: Reputation: 45
curious message???


Hi ho,

Mandrake 9.0 - after having read various warnings about logging in as root when the adsl connection is up and running, I've got into the habit of going into the mandrake control centre, finding the connection thingy, and disconnecting, sometimes I get a little message about it detecting another connection, and something/somebody might be using my network.

What does this mean, is it something to do with server stuff that I might have running or is it something that I should be concerned with?

How do I find out?

regards

John
 
Old 10-29-2002, 08:32 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
Uhm, maybe from the /var/log/messages thingie?
 
Old 10-29-2002, 03:26 PM   #3
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
John, actually there are alot of messages on your box that the unaware, or un-familiar might seem like system being compromised, but that's because alot of your things run as seperate servers, and aren't all integrated so perfectly.

If you post some error messges, some of us might be able to "translate" them better for you.

Cool
 
Old 10-30-2002, 07:08 PM   #4
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,682
Blog Entries: 9

Original Poster
Rep: Reputation: 45
strange messages?

I don't recall the exact wording Chad, but I seems to come up on the "connections dialogue", I often leave the mandrake control centre in the background, and just bring it back up to be able to disconnect, it is then that it comes up with Warning: a second connection has been detected, someone may be using your connection. or words to that effect.

Not being a command line nut, I don't know the difference between using gui to look at the logs and /var/logs/messages (pathetic eh!)that unspawn suggested, but I looked through all the various headings under the logs section, an apart from a few ip addresses that as far as I can tell (or remember) originate from my isp. Hence I am not sure what or how to check to see if someone has been "visiting".

I suspect that I have got something running serverwise, that is causing this, but I have to plead the usual "ignorance" excuse.

How some of the more knowledgeable types here have learned so much eludes me, trying to read some of the help stuff off a screen give me a headache.

But any suggestion what I need to look for and where will be very helpful, and next time I get the message I'll write it down and post it (I say next time, because I've been digging around to try and sort my sound snags - and have managed to kill something in the connection - SIOCDELRT - yarda yarda - line 150 command not found. This is the second time i've had this with the mandy 9.0 and both times I have ended up going through the rigmarole of re-installing the OS because what little I can find about it, means absolutely zero - and i've just re-installed and still haven't finished setting my connection and preferences etc)

regards

John
 
Old 10-30-2002, 08:08 PM   #5
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu
Posts: 12,612

Rep: Reputation: 64
Wow, that's really a horrible story John. I would have a heck of a time with Linux if everytime I crashed my box I reinstalled it.

I wouldn't worry too much about someone plugging around on your box, as long as you aren't being root, and have given root a hard-to-crack pass and things of the normal paranoia settings, then you are probably ok. But I think UnSpawn would have my name changed to blundering fool if I didn't also say that it is possible. You might wanna just see if you can grab some screens or something like that, makes it much easier than retyping an error message, you could save it to a fat32/ntfs partition and then bring it up when you go online and post it that way.

Cool
 
Old 11-03-2002, 04:58 PM   #6
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86_64; Gentoo PPC; FreeBSD; OS X 10.9.4
Posts: 3,760
Blog Entries: 4

Rep: Reputation: 78
If you are using asdl you most likely have a dynamic ip address, and the message could perhaps be your dhcp client talking to your isp's dhcp server. Just a thought.
 
Old 12-06-2002, 06:29 AM   #7
ianr
LQ Newbie
 
Registered: Dec 2002
Distribution: Mandrake 9
Posts: 1

Rep: Reputation: 0
Aha! i have exactly the same message. Unfortunately, I don't know what it is either

I'm on Mandrake 9 with NIC to an ADSL router. Static IP's. I've been running Linux for 3 days (now *that's* a newbie) and my net connection just died yesterday for no aparrent reason.

I run dual boot and the connection works fine on windows with the same IP setup.

Ah well, if it never went wrong, I guess I wouldn't learn anything!
 
Old 12-06-2002, 08:36 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529Reputation: 3529
This is where a "catchall" rule in your /etc/syslog.conf comes in handy. If you add this line (w/o quotes and yes, <tab> is a tab):
"*.*<tab><tab>/var/log/catchall.log" , do a "touch /var/log/catchall.log" chmod it 0600 and then restart syslog, all error messages should be dumped there, unless an app dumps it to stderr.

Because it might be filling up quite fast you want to consider making a separate logrotate entry for it and call it from cron over a reasonable interval. If you set up a logrotate prerotation script you can even mail the interesting entries to yourself:

(/etc/logrotate.d/catchall.log)
/var/log/catchall.log {
prerotate
egrep /var/log/catchall.log -e "(wannasee0|wannasee1)" | egrep -ve "(dontwannasee0|dontwannasee1)" | mail -s "Catchall log $(date +%m%d%Y:%H%M)" <mailtoname>
endscript
compress
size 10M
notifempty
rotate 7
errors root
create 0600 root root
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
endscript
}

Now add a line to /etc/crontab calling it hourly:
00 */1 * * * root logrotate /etc/logrotate.d/catchall.log

Crond will restart itself once the changes are saved.

HTH somehow.
 
Old 12-06-2002, 04:46 PM   #9
bigjohn
Senior Member
 
Registered: Jun 2002
Location: UK .
Distribution: *buntu (usually Kubuntu)
Posts: 2,682
Blog Entries: 9

Original Poster
Rep: Reputation: 45
Whoooooooooosh! (the noise your post made as it shot straight over my head).

Seriously though, Thanks for the idea, since I read the post from bulliver, I can't recall seeing the prompt, but now I am going to watch out for it and start digging through the logs with paranoid obsession.

I am pretty sure that I don't have the luxury of static IP's as mentioned by ianr (I seem to recall that my provider charges extra for static IP's though when I do ifconfig the numbers don't change very much!).

Again, many thanks

regards

John

p.s. being a linux dummy, is there a point where the logs are full and start to auto delete i.e. like cache memory in a browser????? or do they just carry on logging and eventually eat into available disc space? - sorry if this sounds like i'm being thick!

Last edited by bigjohn; 12-06-2002 at 04:51 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Very curious chbin Linux - Security 13 08-08-2005 11:42 PM
Curious SpEcIeS SUSE / openSUSE 9 03-21-2005 12:26 PM
just curious... crazydutchman Slackware 4 03-17-2004 08:31 PM
Just curious? BajaNick General 3 08-03-2003 01:36 AM
Just Curious Smooth General 2 07-03-2003 03:22 PM


All times are GMT -5. The time now is 10:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration