Last -i shows an unknown ip

Invaderzim2004 · 09-27-2004, 12:08 AM

My last -i shows a weired ip for when i log on with a user account:

<user shown here> :0 20.127.3.64 Sun Sep 26 20:52 - down (00:00)

I dont know what the ip 20.127.3.64 is from, it shows it on almost all of my user logins, but not from root logins to vc/1 just to my user logins to :0 which i started froma root shell in vc/1.

If someone can tell me if this is normall, it would really help me out, thanks

Invaderzim2004 · 09-27-2004, 12:10 AM

PS What i do is log into vc/1 with root then do a telinit 5 to get to X and then login with my user, is this a bad thing to do, is it safe?

Bruce Hill · 09-27-2004, 12:20 AM

I can't tell you about the login to vc/1, but I can show you how to find an IP

Code:

mingdao@james:~$ whois 20.127.3.64

OrgName:    Computer Sciences Corporation
OrgID:      CSC-68
Address:    3170 Fairview Park Drive
City:       Falls Church
StateProv:  VA
PostalCode: 22042
Country:    US

NetRange:   20.0.0.0 - 20.255.255.255
CIDR:       20.0.0.0/8
NetName:    CSC
NetHandle:  NET-20-0-0-0-1
Parent:
NetType:    Direct Assignment
NameServer: NS1.CSC.COM
NameServer: NS2.CSC.COM
Comment:
RegDate:    1989-09-04
Updated:    2002-05-31

TechHandle: PG618-ARIN
TechName:   Gross, Pete
TechPhone:  +1-703-641-3322
TechEmail:  pgross@csc.com

OrgAbuseHandle: PG618-ARIN
OrgAbuseName:   Gross, Pete
OrgAbusePhone:  +1-703-641-3322
OrgAbuseEmail:  pgross@csc.com

OrgTechHandle: PG618-ARIN
OrgTechName:   Gross, Pete
OrgTechPhone:  +1-703-641-3322
OrgTechEmail:  pgross@csc.com

# ARIN WHOIS database, last updated 2004-09-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Invaderzim2004 · 09-27-2004, 12:47 AM

How is it that it shows me logging in from that address when i log in from my home desktop computer?

Invaderzim2004 · 09-27-2004, 12:54 AM

BTW, im using Mandrake Linux 10.

Bruce Hill · 09-27-2004, 01:54 AM

Quote:

Originally posted by Invaderzim2004
How is it that it shows me logging in from that address when i log in from my home desktop computer?

Sorry, I already told you

Quote:

Originally posted by Chinaman
I can't tell you about the login to vc/1, but I can show you how to find an IP

What is vc? If that means virtual console, you could start by issuing and reading "man console"

And instead of having to say, "btw I'm using <distribution>" just put it in your LQ UserCP

qwijibow · 09-27-2004, 04:38 AM

are you definatly sure this is NOT the ip or your ISP ?
if not, some1 is logging into your machine.

change your passwords weekly test your system for root kits, and resrtict the ip addressed from which can loggin via ssh with iptables.

Capt_Caveman · 09-27-2004, 08:24 AM

I think you're seeeing this bug:

http://bugs.mandrakelinux.com/query.php?bug=532

Invaderzim2004 · 09-27-2004, 07:32 PM

Thank you Capt_Caveman, that really explains alot.

linuxboy69 · 09-29-2004, 10:47 AM

I had the exact same problem and it turned out to be just a bug.