While looking for something else, I stumbled over these log entries that I don't understand. No other users were connected at the time, and no user has ever used these services. This box should not run the identd, imapd, or in.qpopper services! I've removed them now just to be sure. How could these entries have been created? I have never seen entries for these services in any log in /var/log.

zgrepping /var/log/* for these services found no other instances.

Could this have been a rogue web page JavaScript attack? Can someone help me understand what may have happened? Should I be concerned? It does look like nothing actually completed successfully.

Linux spike 2.4.25-1-686 #3 Wed Apr 14 21:56:44 EST 2004 i686 GNU/Linux
~$ cat /etc/debian_version
testing/unstable

Thanks!

Ralph

/var/log/daemon.log

Jun 25 14:47:35 spike in.qpopper[3690]: warning: can't get client address: Connection reset by peer
Jun 25 14:47:35 spike imapd[3692]: warning: can't get client address: Connection reset by peer
Jun 25 14:47:35 spike imapd[3694]: warning: can't get client address: Connection reset by peer
Jun 25 14:47:35 spike identd[3693]: started
Jun 25 14:47:35 spike identd[3693]: s_getpeername(10): Transport endpoint is not connected
Jun 25 14:47:35 spike imapd[3692]: connect from unknown
Jun 25 14:47:35 spike in.qpopper[3690]: connect from unknown
Jun 25 14:47:35 spike imapd[3694]: connect from unknown
Jun 25 15:24:11 spike imapd[3738]: warning: can't get client address: Connection reset by peer
Jun 25 15:24:11 spike imapd[3738]: connect from unknown
Jun 25 15:24:11 spike in.qpopper[3741]: warning: can't get client address: Connection reset by peer
Jun 25 15:24:11 spike in.qpopper[3741]: connect from unknown
Jun 25 15:24:11 spike imapd[3743]: warning: can't get client address: Connection reset by peer
Jun 25 15:24:11 spike imapd[3743]: connect from unknown
Jun 25 15:24:11 spike identd[3742]: started
Jun 25 15:24:11 spike identd[3742]: s_getpeername(10): Transport endpoint is not connected
Jun 25 15:24:13 spike imapd[3754]: connect from 127.0.0.1
Jun 25 15:24:13 spike imapd[3755]: connect from 127.0.0.1
Jun 25 15:24:13 spike in.qpopper[3756]: connect from 127.0.0.1
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 218762506 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1195725856 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1330664521 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1330664521 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length -2147483608 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1966086 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 786432 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1212501072 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 369295360 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: bad message (no request id)
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1811942144 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 23356774 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 806093313 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1414417744 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 50331659 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 1148019796 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 973078528 bytes exceeds max of 4136.
Jun 25 15:24:18 spike fam[3740]: fd 4 message length 16777469 bytes exceeds max of 4136.
Jun 25 15:24:18 spike imapd[3760]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3762]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3763]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3764]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3765]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3766]: connect from 127.0.0.1
Jun 25 15:24:23 spike imapd[3767]: connect from 127.0.0.1
Jun 25 15:24:28 spike imapd[3769]: connect from 127.0.0.1
Jun 25 15:24:28 spike imapd[3770]: connect from 127.0.0.1


/var/log/mail.log

Jun 25 14:47:36 spike in.qpopper[3690]: Unable to obtain socket and address of client: Transport endpoint is not connected (107) [pop_init.c:1062]
Jun 25 14:47:36 spike imapd[3692]: imaps SSL service init from UNKNOWN
Jun 25 14:47:36 spike imapd[3694]: imap service init from UNKNOWN
Jun 25 14:47:36 spike imapd[3692]: Command stream end of file, while reading line user=??? host=UNKNOWN
Jun 25 15:24:11 spike imapd[3738]: imaps SSL service init from UNKNOWN
Jun 25 15:24:11 spike imapd[3743]: imap service init from UNKNOWN
Jun 25 15:24:11 spike in.qpopper[3741]: Unable to obtain socket and address of client: Transport endpoint is not connected (107) [pop_init.c:1062]
Jun 25 15:24:12 spike imapd[3738]: Command stream end of file, while reading line user=??? host=UNKNOWN
Jun 25 15:24:13 spike imapd[3754]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:13 spike imapd[3755]: imap service init from 127.0.0.1
Jun 25 15:24:13 spike in.qpopper[3756]: (null) at spike (127.0.0.1): -ERR POP EOF or I/O Error [popper.c:820]
Jun 25 15:24:13 spike in.qpopper[3756]: I/O error flushing output to client at spike [127.0.0.1]: Broken pipe (32) [pop_send.c:689]
Jun 25 15:24:13 spike imapd[3755]: Command stream end of file, while reading line user=??? host=spike [127.0.0.1]
Jun 25 15:24:18 spike imapd[3754]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:18 spike imapd[3754]: SSL error status: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Jun 25 15:24:18 spike imapd[3760]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3762]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3762]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3760]: Command stream end of file, while reading line user=??? host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3762]: SSL error status: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jun 25 15:24:23 spike imapd[3763]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3763]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3763]: SSL error status: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jun 25 15:24:23 spike imapd[3764]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3764]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3764]: SSL error status: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jun 25 15:24:23 spike imapd[3765]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3765]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3765]: SSL error status: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jun 25 15:24:23 spike imapd[3766]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:23 spike imapd[3766]: Unable to accept SSL connection, host=spike [127.0.0.1]
Jun 25 15:24:23 spike imapd[3766]: SSL error status: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Jun 25 15:24:23 spike imapd[3767]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:28 spike imapd[3769]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:28 spike imapd[3767]: Command stream end of file, while reading line user=??? host=spike [127.0.0.1]
Jun 25 15:24:28 spike imapd[3769]: Command stream end of file, while reading line user=??? host=spike [127.0.0.1]
Jun 25 15:24:28 spike imapd[3770]: imaps SSL service init from 127.0.0.1
Jun 25 15:24:28 spike imapd[3770]: Command stream end of file, while reading line user=??? host=UNKNOWN
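
A triage aid for the log lines above, added here as an example and not part of the original post: it groups syslog lines into bursts and reports, per burst, the services started, the number of processes, the peer addresses logged, and how many connections to the SSL port did not open with an SSL/TLS hello. The 60-second gap, the year 2004 and the function names are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[(\d+)\]: (.*)$")
PEER = re.compile(r"(?:connect|service init) from (\S+)")

# Excerpt of the daemon.log and mail.log lines quoted in the post, merged.
SAMPLE = """\
Jun 25 14:47:35 spike in.qpopper[3690]: warning: can't get client address: Connection reset by peer
Jun 25 14:47:35 spike identd[3693]: started
Jun 25 14:47:35 spike imapd[3692]: connect from unknown
Jun 25 15:24:11 spike imapd[3738]: connect from unknown
Jun 25 15:24:13 spike in.qpopper[3756]: connect from 127.0.0.1
Jun 25 15:24:18 spike fam[3740]: bad message (no request id)
Jun 25 15:24:18 spike imapd[3754]: SSL error status: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
Jun 25 15:24:28 spike imapd[3770]: connect from 127.0.0.1
"""

def bursts(text, gap=60, year=2004):
    """Group syslog lines into bursts separated by more than `gap` seconds."""
    rows = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        # Syslog timestamps carry no year; `year` is an assumed value.
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        rows.append((ts, m[2], m[3], m[4]))
    out = []
    for ts, svc, pid, msg in sorted(rows):  # sort so merged files interleave
        if not out or ts - out[-1]["end"] > timedelta(seconds=gap):
            out.append({"start": ts, "end": ts, "services": set(),
                        "procs": set(), "peers": set(), "bad_tls_hello": 0})
        b = out[-1]
        b["end"] = ts
        b["services"].add(svc)
        b["procs"].add((svc, pid))
        peer = PEER.search(msg)
        if peer:
            b["peers"].add(peer[1].lower())  # "unknown" and "UNKNOWN" both occur
        # OpenSSL logs this when the first bytes were not an SSL/TLS hello.
        b["bad_tls_hello"] += "SSL23_GET_CLIENT_HELLO" in msg
    return out

def report(text):
    return [f"{b['start']:%b %d %H:%M:%S}-{b['end']:%H:%M:%S} "
            f"services={sorted(b['services'])} procs={len(b['procs'])} "
            f"peers={sorted(b['peers'])} bad_tls_hello={b['bad_tls_hello']}"
            for b in bursts(text)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run over the concatenated daemon.log and mail.log, a burst whose peers include 127.0.0.1 narrows the search to a process on the host itself for those connections.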


