On Sat, 24 Apr 1999, Weizhong wrote:

> Apr 14 11:35:29 nyc imapd[871]: connect from 194.212.150.52
> Apr 14 11:35:29 nyc imapd[871]: error: cannot execute /usr/sbin/imapd: No
> such file or directory

Somebody tried to connect to your imap server, quite probably to try and
exploit it.  Since you don't have imapd installed, they didn't get
anywhere.  This sort of thing is common on connected linux boxes.

> Apr 22 23:41:36 nyc in.telnetd[2986]: connect from 199.245.173.3
> Apr 22 23:42:28 nyc in.telnetd[2988]: connect from 199.245.173.3
> Apr 22 23:46:12 nyc in.telnetd[3005]: connect from 199.245.173.3
> Apr 22 23:49:46 nyc in.telnetd[3021]: connect from 139.134.132.243

199.245.173.3 is rage.arpa.com, and 139.134.132.243 is 
DPIP-A-002-pool-243.tmns.net.au. For some reason they (or somebody
spoofing as them) were trying to connect to your telnet server.  It is
worth checking that they didn't successfully log in as anybody, but other
than that it probably isn't worth worrying about.


> Apr 23 18:01:14 nyc in.telnetd[6727]: connect from 12.10.189.5
> Apr 23 18:01:15 nyc in.telnetd[6728]: connect from 204.210.86.149
> Apr 23 18:01:15 nyc in.telnetd[6729]: connect from 12.10.189.5
> Apr 23 18:01:15 nyc in.telnetd[6730]: connect from 12.10.189.5
> 
As above, but these IPs are almost definitely spoofed.

I don't know of any recent bugs in telnetd, but it is a simple and often
fairly effective way of finding out what OS a box is running.

> Should I install fire-wall? how?

A firewall will add an extra level of security, so is certainly worth
considering.  To set it up, you will need ipchains (which might come with
rh, but probably not 'cos it don't work on 2.0 kernels).  It is fairly
easy to use once you have decided what to firewall out.

Y.

-- 
Mike <[EMAIL PROTECTED]>

A man with one watch knows what time it is.
A man with two watches is never quite sure.
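
The triage described in the reply above, as an added example that is not part of the original message: it groups the wrapper's "connect from" lines by service and source, marks probes against a daemon that is not installed, and flags several sources hitting one service within seconds. The year (taken from the mail date), the 5-second window and the two-source threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines copied from the quoted excerpts above (wrapped imapd error rejoined).
SAMPLE = """\
Apr 14 11:35:29 nyc imapd[871]: connect from 194.212.150.52
Apr 14 11:35:29 nyc imapd[871]: error: cannot execute /usr/sbin/imapd: No such file or directory
Apr 22 23:41:36 nyc in.telnetd[2986]: connect from 199.245.173.3
Apr 22 23:42:28 nyc in.telnetd[2988]: connect from 199.245.173.3
Apr 22 23:46:12 nyc in.telnetd[3005]: connect from 199.245.173.3
Apr 22 23:49:46 nyc in.telnetd[3021]: connect from 139.134.132.243
Apr 23 18:01:14 nyc in.telnetd[6727]: connect from 12.10.189.5
Apr 23 18:01:15 nyc in.telnetd[6728]: connect from 204.210.86.149
Apr 23 18:01:15 nyc in.telnetd[6729]: connect from 12.10.189.5
Apr 23 18:01:15 nyc in.telnetd[6730]: connect from 12.10.189.5
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([\w.\-]+)\[(\d+)\]: (.*)$")

def parse(text, year=1999):
    """Yield (timestamp, service, pid, message). Syslog omits the year, so it is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), int(m.group(4)), m.group(5)

def summarize(text, window=timedelta(seconds=5), min_sources=2):
    """Return (connects per (service, source), probes of uninstalled daemons, bursts)."""
    events = list(parse(text))
    # (service, pid) pairs where the wrapper could not start the daemon at all
    dead = {(svc, pid) for _, svc, pid, msg in events if msg.startswith("error: cannot execute")}
    connects = [(ts, svc, pid, msg.split()[-1]) for ts, svc, pid, msg in events
                if msg.startswith("connect from ")]
    per_source = Counter((svc, ip) for _, svc, _, ip in connects)
    not_installed = sorted({(svc, ip) for _, svc, pid, ip in connects if (svc, pid) in dead})
    # Burst: min_sources or more distinct sources on one service inside `window`
    bursts = []
    for i, (ts, svc, _, _) in enumerate(connects):
        ips = {c[3] for c in connects[i:] if c[1] == svc and c[0] - ts <= window}
        recent = bursts and bursts[-1][0] == svc and ts - bursts[-1][1] <= window
        if len(ips) >= min_sources and not recent:
            bursts.append((svc, ts, sorted(ips)))
    return dict(per_source), not_installed, bursts
```

This only summarises connection attempts; whether anyone actually logged in is recorded elsewhere (for example in wtmp, read with `last`).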
