Please help me analyze this messages log.
Author
- 박진수
Nov 11 14:44:28 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:44:54 maru last message repeated 9 times
Nov 11 14:45:00 maru su(pam_unix)[32394]: session opened for user root by (uid=0)
Nov 11 14:45:00 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:45:01 maru su(pam_unix)[32394]: session closed for user root
Nov 11 14:45:05 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:45:37 maru last message repeated 11 times
Nov 11 14:46:41 maru last message repeated 26 times
Nov 11 14:47:42 maru last message repeated 19 times
Nov 11 14:48:43 maru last message repeated 17 times
Nov 11 14:48:47 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:50:00 maru su(pam_unix)[32549]: session opened for user root by (uid=0)
Nov 11 14:50:00 maru su(pam_unix)[32549]: session closed for user root
Nov 11 14:55:00 maru su(pam_unix)[32701]: session opened for user root by (uid=0)
Nov 11 14:55:01 maru su(pam_unix)[32701]: session closed for user root
Nov 11 15:00:00 maru su(pam_unix)[387]: session opened for user root by (uid=0)
Nov 11 15:00:00 maru su(pam_unix)[387]: session closed for user root
Nov 11 15:01:07 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 15:01:38 maru last message repeated 13 times
Nov 11 15:02:39 maru last message repeated 26 times
Nov 11 15:03:43 maru last message repeated 22 times
Nov 11 15:05:00 maru su(pam_unix)[572]: session opened for user root by (uid=0)
Nov 11 15:05:01 maru su(pam_unix)[572]: session closed for user root
Nov 11 15:09:01 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 15:09:34 maru last message repeated 10 times
Nov 11 15:09:59 maru last message repeated 13 times
Nov 11 15:10:00 maru su(pam_unix)[724]: session opened for user root by (uid=0)
Nov 11 15:10:00 maru su(pam_unix)[724]: session closed for user root
Nov 11 15:10:01 maru arpwatch: bogon xxx.xxx.xxx.xxx
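I run a server for study purposes, and there is quite a lot of data on it.
I know that su has had a rootkit installed, but I haven't been able to do anything about it.
If logs like these are being generated, can I regard xxx.xxx.xxx.xxx as the source of the hack?!
I'm not sure about the IP, so I'm not posting it.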
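A triage pass over a log in this format, as an added example that is not part of the original post: it folds syslog's "last message repeated N times" lines back into the message they compress, and measures the spacing between root `su` session opens. The sample lines are a constructed subset of the excerpt above, and `YEAR` is a placeholder because these syslog timestamps carry no year.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the posted excerpt (not the full log).
SAMPLE = """\
Nov 11 14:44:28 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:44:54 maru last message repeated 9 times
Nov 11 14:45:00 maru su(pam_unix)[32394]: session opened for user root by (uid=0)
Nov 11 14:45:01 maru su(pam_unix)[32394]: session closed for user root
Nov 11 14:45:05 maru arpwatch: bogon xxx.xxx.xxx.xxx
Nov 11 14:45:37 maru last message repeated 11 times
Nov 11 14:50:00 maru su(pam_unix)[32549]: session opened for user root by (uid=0)
Nov 11 14:50:00 maru su(pam_unix)[32549]: session closed for user root
Nov 11 14:55:00 maru su(pam_unix)[32701]: session opened for user root by (uid=0)
Nov 11 14:55:01 maru su(pam_unix)[32701]: session closed for user root
"""
YEAR = 2000  # placeholder year, only used so timestamps can be subtracted

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times$")
SU_OPEN = re.compile(r"^su\(pam_unix\)\[\d+\]: session opened for user (\S+) by (\S*)\(uid=(\d+)\)")

def summarize(text):
    """Return (event counts, su session opens, seconds between consecutive opens)."""
    counts, su_opens, prev = Counter(), [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, _host, msg = m.groups()
        rep = REPEAT.match(msg)
        if rep:  # compressed repeats belong to the message logged just before
            if prev:
                counts[prev] += int(rep.group(1))
            continue
        prev = re.sub(r"\[\d+\]", "", msg)  # drop the PID so sessions group together
        counts[prev] += 1
        su = SU_OPEN.match(msg)
        if su:  # fields: target user, login name of the caller (may be empty), caller uid
            when = datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")
            su_opens.append((when, su.group(1), su.group(2), int(su.group(3))))
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(su_opens, su_opens[1:])]
    return counts, su_opens, gaps

if __name__ == "__main__":
    counts, su_opens, gaps = summarize(SAMPLE)
    # arpwatch logs "bogon" when a source IP is not local to the attached subnet.
    for msg, n in counts.most_common():
        print(f"{n:5d}  {msg}")
    print("seconds between su session opens:", gaps)
```

Identical gaps between session opens are the pattern a scheduled job leaves, so the crontabs and the PIDs in those lines are the next things to compare; the bogon count only shows how often arpwatch saw an off-subnet source address.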