Can someone tell me what these logs mean??

1) Ive been looking into the logs and what does this mean??


Apr 16 15:59:00 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:02 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:03 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:05 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:06 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:06 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:08 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:08 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:09 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:12 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:12 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:14 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:20 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:21 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:23 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:24 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:27 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:29 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:30 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:30 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:33 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:33 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6$
Apr 16 15:59:36 user01 kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0d:61:b2:43:8a:00:0f:23:8b:bb:ff:08:00 SRC=66.14.238.176 DST=6
2) and also why does my server ftping to itself or something??

Apr 17 16:04:05 server proftpd[5574]: server.xxxx.com (localhost[127.0.0.1]) - FTP session opened.
Apr 17 16:04:05 server proftpd[5574]: server.xxxx.com (localhost[127.0.0.1]) - FTP session closed.
3)Also after I made changed to /etc/proftpd.conf.. i tried to restart it by using 'serivice proftpd restart' but it showed me the error below. How ever in whm status green light for proftpd still?... so i used whm to restart proftpd and it works. Why doesnt the command work and whm restart works?
root@server [/usr/src/chkrootkit-0.43]# service proftpd restart
/sbin/service: line 68: 17383 Hangup env -i LANG=$LANG PATH=$PATH TERM=$TERM "${SERVICEDIR}/${SERVICE}" ${OPTION

 

 

 

 

Top