[NTLUG:Discuss] suspicious output from "last -d" command
Kenneth Loafman
kenneth at loafman.com
Wed Oct 31 13:09:36 CDT 2007
Ed Leach wrote:
> This does look scary to me!
>
> On my reinstalled system I'm checking last very often.
>
> Ed
>
> ----------------------
>
> system boot (05:07) jensch-ether-8.Informatik.Uni-Oldenburg.DE
> pts/0 (09:42) 50.232.7.0
> pts/0 (02:47) 21.226.7.0
> pts/0 (00:00) 62.92.8.0
> :0 (12:40) localhost
> system boot (12:40) 40.123.8.0
> pts/0 (06:03) 174.42.15.0
> pts/0 (00:03) 21.193.4.0
> :0 (10:25) localhost
> system boot (10:25) 118.143.5.0
I took a look at the structure that wtmp uses for recording logins. It
would be very easy for the IP address field to be uninitialized, in
which case it would be garbage. From all I can tell, 'last' is not
ignoring the field where it makes no sense, i.e. 'system boot' above.
I'm going to write a bug report to Ubuntu about this.

I would not worry about any of this. I'm seeing this 'garbage' output
on systems that do not have internet access, therefore could not be
accessed from outside my net.

It's just a bug in 'last'.

...Ken
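
An added example, not part of the message above and not code from 'last': a wtmp reader that reports the address field only for records where it can mean something. It assumes the 384-byte glibc `struct utmp` layout on Linux; the names `parse`, `record` and `SAMPLE` are hypothetical, the sample records are constructed, and the rule for when an address is meaningful (a USER_PROCESS record with a non-local host) is an assumption of this example.

```python
import socket
import struct

# Assumption: glibc "struct utmp" on Linux, 384 bytes per record.
# ut_type, ut_pid, ut_line, ut_id, ut_user, ut_host, ut_exit (2 shorts),
# ut_session, ut_tv (sec, usec), first 4 bytes of ut_addr_v6, then padding.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4s12x20x")
BOOT_TIME, USER_PROCESS = 2, 7  # ut_type values from <utmp.h>

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse(blob):
    """Return one dict per record; 'addr' is None where the field means nothing."""
    out = []
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        typ, line, user, host, raw = f[0], cstr(f[2]), cstr(f[4]), cstr(f[5]), f[11]
        # Assumed rule: only a user session with a non-local host has a peer address.
        remote = typ == USER_PROCESS and host and not host.startswith(":")
        shown = socket.inet_ntoa(raw)  # what a naive reader would print
        out.append({"type": typ, "line": line, "user": user, "host": host,
                    "raw_addr": shown,
                    "addr": shown if remote and raw != b"\0\0\0\0" else None})
    return out

def record(typ, line, user, host, raw_addr):
    """Build one constructed record for the sample below."""
    return UTMP.pack(typ, 0, line, b"", user, host, 0, 0, 0, 1193854176, 0, raw_addr)

# Constructed sample: two records carry leftover bytes in the address field.
SAMPLE = b"".join([
    record(BOOT_TIME, b"~", b"reboot", b"", bytes([40, 123, 8, 0])),
    record(USER_PROCESS, b":0", b"user1", b":0", bytes([118, 143, 5, 0])),
    record(USER_PROCESS, b"pts/0", b"user1", b"192.0.2.10",
           socket.inet_aton("192.0.2.10")),
])

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(f'{r["line"]:<6} {r["user"]:<7} raw={r["raw_addr"]:<12} addr={r["addr"]}')
```

The `raw_addr` column is what a reader that trusts the field unconditionally would show; `addr` is what remains after the record type and host are taken into account.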