Autopsy ascii Fragment Report (ver 1.74)

--------------------------------------------------------------
Fragment: 112745
Length: 4096 bytes
Not allocated to any meta data structures
MD5 of raw Fragment: 0fd58356d74909ccb16a89dd0a19112a
MD5 of ascii output: a33355f30900c8a923a037582feccf8b

Image: /home/kmaster/tools/filesystem/evidence//SOTM29/192.168.1.79/images/root_honeypot
Image Type: linux-ext3

Date Generated: Sat Sep 20 14:13:03 2003
Investigator: CGR
--------------------------------------------------------------

Aug 10 13:33:57 localhost syslogd 1.4.1: restart.
Aug 10 13:33:57 localhost syslog: syslogd startup succeeded
Aug 10 13:33:57 localhost kernel: klogd 1.4.1, log source = /proc/kmsg started.
Aug 10 13:33:57 localhost kernel: Inspecting /boot/System.map-2.4.7-10
Aug 10 13:33:57 localhost syslog: klogd startup succeeded
Aug 10 13:33:57 localhost kernel: Loaded 15046 symbols from /boot/System.map-2.4.7-10.
Aug 10 13:33:57 localhost kernel: Symbols match kernel version 2.4.7.
Aug 10 13:33:57 localhost kernel: Loaded 371 symbols from 10 modules.
Aug 10 13:33:57 localhost kernel: (swapd) uses obsolete (PF_INET,SOCK_PACKET)
Aug 10 13:33:57 localhost kernel: eth0: Promiscuous mode enabled.
Aug 10 13:33:57 localhost kernel: device eth0 entered promiscuous mode
Aug 10 13:33:57 localhost kernel: NET4: Linux IPX 0.47 for NET4.0
Aug 10 13:33:57 localhost kernel: IPX Portions Copyright (c) 1995 Caldera, Inc.
Aug 10 13:33:57 localhost kernel: IPX Portions Copyright (c) 2000, 2001 Conectiva, Inc.
Aug 10 13:33:57 localhost kernel: NET4: AppleTalk 0.18a for Linux NET4.0
Aug 10 13:33:32 localhost syslog: syslogd shutdown succeeded
Aug 10 13:33:33 localhost smbd -D[3137]: log: Server listening on port 2003.
Aug 10 13:33:33 localhost smbd -D[3137]: log: Generating 768 bit RSA key.
Aug 10 13:33:34 localhost smbd -D[3137]: log: RSA key generation complete.
Aug 10 13:33:35 localhost smbd -D[3150]: error: bind: Address already in use
Aug 10 13:33:35 localhost smbd -D[3150]: fatal: Bind to port 2003 failed: Transport endpoint is not connected.
Aug 10 13:33:56 localhost smbd -D[3225]: error: bind: Address already in use
Aug 10 13:33:56 localhost smbd -D[3225]: fatal: Bind to port 2003 failed: Transport endpoint is not connected.
Aug 10 13:33:56 localhost syslog: klogd shutdown failed
Aug 10 13:33:57 localhost syslog: syslogd shutdown failed
Aug 10 14:13:47 localhost sshd: sshd -TERM failed
Aug 10 14:14:41 localhost smbd -D[5505]: log: Connection from 213.154.118.218 port 2020
Aug 10 14:14:42 localhost smbd -D[3137]: log: Generating new 768 bit RSA key.
Aug 10 14:14:44 localhost smbd -D[3137]: log: RSA key generation complete.
Aug 10 14:14:52 localhost smbd -D[5505]: log: Password authentication for root failed.
Aug 10 14:14:58 localhost smbd -D[5505]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:14:58 localhost smbd -D[5505]: log: Password authentication for root failed.
Aug 10 14:15:14 localhost smbd -D[5505]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:15:14 localhost smbd -D[5505]: log: Password authentication for root failed.
Aug 10 14:15:17 localhost smbd -D[5505]: fatal: Connection closed by remote host.
Aug 10 14:17:08 localhost smbd -D[8170]: log: Connection from 213.154.118.218 port 2021
Aug 10 14:17:09 localhost smbd -D[3137]: log: Generating new 768 bit RSA key.
Aug 10 14:17:10 localhost smbd -D[3137]: log: RSA key generation complete.
Aug 10 14:17:17 localhost smbd -D[8170]: log: Password authentication for root failed.
Aug 10 14:17:21 localhost smbd -D[8170]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:17:21 localhost smbd -D[8170]: log: Password authentication for root failed.
Aug 10 14:17:26 localhost smbd -D[8170]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:17:26 localhost smbd -D[8170]: log: Password authentication for root failed.
Aug 10 14:17:38 localhost smbd -D[8170]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:17:38 localhost smbd -D[8170]: log: Password authentication for root failed.
Aug 10 14:17:42 localhost smbd -D[8170]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:17:42 localhost smbd -D[8170]: log: Password authentication for root failed.
Aug 10 14:17:47 localhost smbd -D[8170]: fatal: Local: Too many password authentication attempts from extreme-service-10.is.pcnet.ro for user root.
Aug 10 14:17:51