Autopsy ascii Fragment Report (ver 1.74)
--------------------------------------------------------------
Fragment: 112750
Length: 4096 bytes
Not allocated to any meta data structures
MD5 of raw Fragment: c24da8fcaecf5c677e9a3a33da3d6a02
MD5 of ascii output: 02638f0bfbb7975474701212f963eab3
Image: /home/kmaster/tools/filesystem/evidence//SOTM29/192.168.1.79/images/root_honeypot
Image Type: linux-ext3
Date Generated: Sat Sep 20 14:15:23 2003
Investigator: CGR
--------------------------------------------------------------
localhost smbd -D[8935]: log: Connection from 213.154.118.218 port 2022
Aug 10 14:17:52 localhost smbd -D[3137]: log: Generating new 768 bit RSA key.
Aug 10 14:17:53 localhost smbd -D[3137]: log: RSA key generation complete.
Aug 10 14:18:00 localhost smbd -D[8935]: log: Password authentication for root failed.
Aug 10 14:18:04 localhost smbd -D[8935]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:18:04 localhost smbd -D[8935]: log: Password authentication for root failed.
Aug 10 14:18:09 localhost smbd -D[8935]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:18:09 localhost smbd -D[8935]: log: Password authentication for root failed.
Aug 10 14:23:20 localhost smbd -D[8935]: log: Password authentication failed for user root from extreme-service-10.is.pcnet.ro.
Aug 10 14:23:20 localhost smbd -D[8935]: log: Password authentication for root failed.
Aug 10 14:23:24 localhost smbd -D[8935]: fatal: Connection closed by remote host.
Aug 10 15:30:30 localhost kernel: eth0: Promiscuous mode enabled.
Aug 10 15:30:30 localhost modprobe: modprobe: Can't locate module ppp0
Aug 10 15:32:16 localhost kernel: eth0: Promiscuous mode enabled.
Aug 10 15:52:09 localhost smbd -D[14568]: error: bind: Address already in use
Aug 10 15:52:09 localhost smbd -D[14568]: fatal: Bind to port 2003 failed: Transport endpoint is not connected.
Aug 10 15:52:10 localhost httpd: httpd shutdown succeeded
Aug 10 15:52:11 localhost smbd -D[14629]: error: bind: Address already in use
Aug 10 15:52:11 localhost smbd -D[14629]: fatal: Bind to port 2003 failed: Transport endpoint is not connected.
Aug 10 15:52:12 localhost httpd: fopen: No such file or directory
Aug 10 15:52:12 localhost httpd: httpd: could not open error log file /etc/httpd/logs/error_log.
Aug 10 15:52:12 localhost httpd: httpd startup failed
Aug 10 15:54:18 localhost smbd -D[14663]: error: bind: Address already in use
Aug 10 15:54:18 localhost smbd -D[14663]: fatal: Bind to port 2003 failed: Transport endpoint is not connected.
Aug 10 15:54:18 localhost httpd: httpd shutdown failed
Aug 10 15:56:11 localhost su(pam_unix)[14689]: session opened for user root by (uid=0)
Aug 10 16:03:01 localhost su(pam_unix)[14689]: session closed for user root
Aug 10 16:04:38 localhost telnetd[15169]: ttloop: peer died: EOF
Aug 10 20:29:22 localhost sshd(pam_unix)[15347]: session opened for user root by (uid=0)