Re: IMAP attacks ??

Tue, 15 Dec 1998 20:33:51 -0500 

Thanx for your information, I edited /etc/inetd.conf  and #killall -HUP inetd 
hopefully that did it for that.
How can i check for a buffer overflow ? 
Also, what are some good network security programs? Im sure there are some
built into slakware that i dont know about yet. anything other than  
# tail -f /var/log/messages
??
Thanx again.

On 15-Dec-98 Tony Nugent wrote:
> On Mon Dec 14 1998 at 15:09, [EMAIL PROTECTED] wrote:
> 
> don't use a Reply-To header in your messages (unless there is a *very*
> good reason for doing so)
> 
>> Just recenlty i had some attacks, luckily the didnt get in and hose up my
>> system, but here the log messages ...
>> c 14 02:27:04 pfreak imapd[713]: connect from unknown
>> Dec 14 02:42:57 pfreak imapd[722]: connect from 208.154.159.123
> 
> If you are not acting as an imap server, turn it off in
> /etc/inetd.conf (along with any other daemons that you don't want
> running, eg, pop).
> 
>> Dec 14 02:43:01 pfreak imapd[722]: Login failure
>> user=^?^?^?^?^?^?^?^?^?^?^?^?^?
>> ^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^?^
>> ?^?
> 
> [...etc...]
> 
>> what the crap ?
> 
> It's probably looking for a buffer overflow bug.  Did they find one?
> (You better check...)
> 
>> I also wonder how it is that they got my IP address,
> 
> Probably did some network scanning and found someone at your IP
> address and the daemon listening on that port.  This is not uncommon.
> 
>> I was not
>> in IRC. So I wonder how that could be.Anyone has any infoon this stuff and
>> network security let me know ..
> 
> Check the usenet security newsgroups and look for their FAQs at
> rtfm.mit.edu
> 
> Cheers
> Tony
>  -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
>   Tony Nugent <[EMAIL PROTECTED]>           <[EMAIL PROTECTED]>
>   Computer Systems Officer                       Faculty of Science
>   University of Southern Queensland, Toowoomba Oueensland Australia
>  -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-

----------------------------------
E-Mail: [EMAIL PROTECTED]
Date: 15-Dec-98
Time: 18:18:06

"Linux: for people with an IQ higher than 95' or 98'"
----------------------------------

Reply via email to