CSF

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#21
No pts/3 is your third pseudo terminal presumably over ssh


ps aux|grep pts/6

will show what processes that login is running.

It is an host within cox cable running a microsoft mail server, and probably not a good thing.
 

franklin

Joined
Oct 22, 2010
Messages
254
Likes
0
Points
0
#22
ps aux|grep pts6
root 12898 0.0 0.1 3920 548 pts/3 D+ 11:44 0:00 grep pts6

I am at one of my remote offices. I have put the IP as an Allow in CSF. There is a mail server from a tenant running on the same network, but how have they gained access to the box. when I run a who I get this:

root tty1 2011-03-16 14:52
root pts/1 2011-03-18 11:14 (xxx.xxx.xxx.xxx)
root pts/2 2011-03-18 09:28 (192.168.1.2)
root pts/3 2011-03-18 11:24 (mailserv.xxxxxxxxx)
root pts/4 2011-03-18 11:26 (xxx.xxx.xxx.xxx)
root pts/5 2011-03-18 11:30 (xxx.xxx.xxx.xxx)

the .xxx is Jorge from PS. Working on a case with him now.
 

franklin

Joined
Oct 22, 2010
Messages
254
Likes
0
Points
0
#23
That mail serv has to be me. I am 10.10.10.108 the 192.168.1.2 is from my home office. The router is not named tranquil. Why is his host name showing up like this on my login?

Thanks.
 

dicko

Joined
Oct 24, 2008
Messages
4,099
Likes
0
Points
0
#24
that was pts/6 not pts6

10.10.10.108 is a "reserved" IP address maybe from your provider presumably COX and the real address is 98.191.n.n (whoops!)
anyway please edit your post(s) to sanitize them
 

franklin

Joined
Oct 22, 2010
Messages
254
Likes
0
Points
0
#25
My PC is .108. I'll get to the bottom of tranquil. Shouldn't have put the PS address up there. Can you remove the .131? Thanks.
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,981
Messages
131,060
Members
17,701
Latest member
angel695py
Top