On Mon Dec 14 1998 at 15:09, [EMAIL PROTECTED] wrote:
don't use a Reply-To header in your messages (unless there is a *very*
good reason for doing so)
> Just recenlty i had some attacks, luckily the didnt get in and hose up my
> system, but here the log messages ...
> c 14 02:27:04 pfreak imapd[713]: connect from unknown
> Dec 14 02:42:57 pfreak imapd[722]: connect from 208.154.159.123
If you are not acting as an imap server, turn it off in
/etc/inetd.conf (along with any other daemons that you don't want
running, eg, pop).
> Dec 14 02:43:01 pfreak imapd[722]: Login failure user=^?^?^?^?^?^?^?^?^?^?^?^?^?
> ^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?
[...etc...]
> what the crap ?
It's probably looking for a buffer overflow bug. Did they find one?
(You better check...)
> I also wonder how it is that they got my IP address,
Probably did some network scanning and found someone at your IP
address and the daemon listening on that port. This is not uncommon.
> I was not
> in IRC. So I wonder how that could be.Anyone has any infoon this stuff and
> network security let me know ..
Check the usenet security newsgroups and look for their FAQs at
rtfm.mit.edu
Cheers
Tony
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
Tony Nugent <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Computer Systems Officer Faculty of Science
University of Southern Queensland, Toowoomba Oueensland Australia
-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
