every time, root (or any other user) logs into the system (Suse 9.3 Linux mail server) a connection to a foreign ip (96.124.236.183) shows up.
It shows up even when I plug out the network cable and then restart the system.
I don't know if this is a security hole and how to find out more about it.
Thanks,
Simon
last -i
root pts/1 0.0.0.0 Thu Jul 22 13:35 still logged in
root pts/0 0.0.0.0 Thu Jul 22 13:34 still logged in
root :0 96.124.236.183 Thu Jul 22 13:34 still logged in
root :0 0.0.0.0 Thu Jul 22 13:34 - 13:34 (00:00)
root pts/2 0.0.0.0 Thu Jul 22 12:06 - 12:08 (00:01)
root pts/1 0.0.0.0 Thu Jul 22 12:06 - 12:08 (00:02)
root :0 96.124.236.183 Thu Jul 22 12:05 - 12:08 (00:02)
root :0 0.0.0.0 Thu Jul 22 12:05 - 12:05 (00:00)
reboot system boot 0.0.0.0 Thu Jul 22 14:04 (00:-24)
root pts/1 0.0.0.0 Thu Jul 22 11:59 - 12:01 (00:01)
root pts/1 0.0.0.0 Thu Jul 22 11:53 - 11:59 (00:06)
root pts/0 0.0.0.0 Thu Jul 22 11:53 - 12:03 (00:10)
root :0 96.124.236.183 Thu Jul 22 11:52 - 12:03 (00:10)
root :0 0.0.0.0 Thu Jul 22 11:52 - 11:52 (00:00)
reboot system boot 0.0.0.0 Thu Jul 22 13:51 (-1:-48)
last -a
root pts/1 Thu Jul 22 13:35 still logged in
root pts/0 Thu Jul 22 13:34 still logged in
root :0 Thu Jul 22 13:34 still logged in console
root :0 Thu Jul 22 13:34 - 13:34 (00:00)
root pts/2 Thu Jul 22 12:06 - 12:08 (00:01)
---------- Post updated 23-07-10 at 02:22 PM ---------- Previous update was 22-07-10 at 02:53 PM ----------
Do you need more information? Is my problem to trivial?
I really would like to understand why this ip address appears at each log in. And further how much of a security issue this might be.