Hello everyone,

I've just received syslog messages that I completely don't understand. Does anybody know why this messages have been sent to syslog.log file. And also if there is any problem with my server machine. And what I should do to solve the problem.

Feb 13 16:21:23 hpd002 syslog: libtt[18108]: ttdt_Xt_input_handler(): tttk_message_receive(): TT_ERR_NOMP^INo ttsession pr ocess is running, probably because tt_open() has not been called yet. If this code is returned from tt_open() it means tts ession could not be started, which generally means ToolTalk is not installed on this system. Feb 13 16:21:23 hpd002 syslog: libtt[18117]: ttdt_Xt_input_handler(): tttk_message_receive(): TT_ERR_NOMP^Ittsession ^Cv^C ^M^CZ^CX^B*^S.^Ml^B5^BD^B"^B\^B9^Bq^AB^Q=^U*^AAtt_open() ^B*^LD^BQ^Oo^B3^Bj^BD^B"^BH^B"^B1^BF^B*^L4^Hv^BE^B7^ABtt_open() ^ B)^Bg^B1^BL^CR^A[^Ch^B*^UT^B3^Bj^B=^Oj^M^G^BM^AAttsession ^B*^KN^S.^BE^B+^BH^B"^BF^B"^B$^HS^V!^BE^B ^Bh^AA^RJ^Om^BM ToolTa lk ^B*^B1^BL^CV^CX^Ce^C

My guess is someone's been trying to run a buffer overrun exploit on your libtt install. (a part of the ToolTalk package) a quick look on securityfocus pulls up 14 advisories against that particular software. my guess is you're being hit by someone trying to exploit this: http://online.securityfocus.com/advisories/3647 but that's just a really quick guess.