hello fanton.
You might be interested to see the output for utmpdump /var/log/wtmp | grep 127 on my machine... note my "rogue" ip number is 127 not 128 as with your machine.
Code:
# utmpdump /var/log/wtmp | grep 127
Utmp dump of /var/log/wtmp
[7] [01129] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Mon Jul 14 03:14:07 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Mon Jul 14 09:22:39 2003 EST]
[7] [01078] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Mon Jul 14 11:42:00 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Mon Jul 14 18:31:36 2003 EST]
[7] [07521] [:0 ] [suzanne ] [:0 ] [ ] [127.255.248.88 ] [Mon Jul 14 18:32:06 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Mon Jul 14 19:22:17 2003 EST]
[7] [12822] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Tue Jul 15 00:21:02 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Tue Jul 15 16:46:38 2003 EST]
[7] [00936] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Wed Jul 16 16:51:58 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Wed Jul 16 20:25:43 2003 EST]
[7] [00933] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Thu Jul 17 01:43:09 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Thu Jul 17 03:14:07 2003 EST]
[7] [00951] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Thu Jul 17 12:46:02 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Thu Jul 17 15:01:24 2003 EST]
[7] [01050] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Thu Jul 17 18:55:55 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Thu Jul 17 23:41:14 2003 EST]
[7] [04860] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Thu Jul 17 23:41:27 2003 EST]
[8] [00000] [:0 ] [ ] [:0 ] [ ] [127.255.248.40 ] [Fri Jul 18 15:03:58 2003 EST]
[7] [00953] [:0 ] [jonathon] [:0 ] [ ] [127.255.248.88 ] [Fri Jul 18 22:59:27 2003 EST]
The pattern is similar.. same (almost) logins on [7] and [8] lines and from terminal :0
step 2 in your instructions at bugzilla is -
2. look at wtmp using 'utmdump /var/log/wtmp | grep 128.99
This is not necessarily so.. the number on my machine is 127... not 128.... maybe you should revise your bugzilla submission?
I'm using yellowdog (3.0) on ppc with dialup connection.. doesn't seem to matter if I'm connected or not, still get the logins.