Future timestamps in /var/log/secure

gordon b slater gordslater at ieee.org
Fri Feb 26 13:28:32 CST 2010


On Fri, 2010-02-26 at 10:55 -0800, Wade Peacock wrote:
> the proftpd line happened to be the next line in the log.  the
> next simular ssh lines looks like (duplicate removed)
> 
> Feb 26 10:08:48 mx sshd[22165]: Did not receive identification string from UNKNOWN
> Feb 26 10:09:27 mx sshd[22261]: Failed password for root from 219.137.192.231 port 54111 ssh2

is it possible that a local user changed the time (maybe with a GUI app)
around the time of these attempts?

(failed attempts like this are normal for a machine hooked to the
internet without ACLs BTW, the problem is the strange timestamp <<for
the benefit of casual onlookers in the thread)

Gord

-- 
latest ITU-T declaration: all syslogs must show timestamps in Geneva
time





More information about the NANOG mailing list