Well .. in the first case, someone tried to make an imap connection to your
system and failed because either inetd or tcpd (depends on how you have your
system set up) couldn't find the imapd daemon. To fix this, you don't need a
firewall; just open /etc/inetd.conf, find the line for imap, comment it out,
save the file, and restart (or SIGHUP) inetd. (This assumes you don't
actually use imap, which I infer from the absence of the daemon. If you do
use it, see next paragraph.)

The telnets are attempts to connect to your system from the indicated hosts,
presumably logged by tcpd. You can use "last" to check if there were
*successful* logins from these sites. If you want to run telnet but restrict
access to limited IP addresses (for example, allow telnets from your LAN but
not in from the Internet), you can do this with appropriate entries in
/etc/hosts.allow and /etc/hosts.deny . "man 5 hosts_access" and "man 5
hosts_options" will give you the details.

BTW, if your system enabled imapd by default, you may want to take a careful
look through /etc/inetd.conf and see if other services you don't use are
also enabled. You can disable them the same way as I describe in the first
paragraph.

At 10:55 AM 4/24/99 -0400, Weizhong wrote:
>Hi,
>
>I happened to check the logs and found something I could not understand in
>secure log:
[rest deleted]
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
762 Garland Drive
Palo Alto, CA 94303-3603
650.328.4219 voice [EMAIL PROTECTED]
----------------------------------------------------------------
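
Added example, not part of the original message: a shell helper that lists every service still enabled in an inetd.conf-style file and flags entries whose daemon is absent, which is the situation behind the imap log entry and the audit suggested in the last paragraph. The function name `audit_inetd` and the `DAEMON_DIR` default are assumptions (the directory tcpd searches for bare daemon names is set when tcpd is built), and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report every service enabled in an inetd.conf-style file and
# whether the daemon it would start exists.
# Assumption: tcpd resolves bare daemon names under DAEMON_DIR (build-dependent).
DAEMON_DIR="${DAEMON_DIR:-/usr/sbin}"

audit_inetd() {   # hypothetical helper name
    conf="${1:-/etc/inetd.conf}"
    # Drop comments and blank lines; what remains is what inetd will serve.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf" |
    while read -r service socktype proto flags user server arg0 rest; do
        case "$server" in
            internal) echo "$service internal builtin"; continue ;;
            */tcpd)   daemon="$arg0" ;;   # wrapped: real daemon is the first argument
            *)        daemon="$server" ;;
        esac
        case "$daemon" in
            /*) path="$daemon" ;;
            *)  path="$DAEMON_DIR/$daemon" ;;
        esac
        # Require a regular executable file, so an empty daemon name is not "present".
        if [ -f "$path" ] && [ -x "$path" ]; then status=present; else status=MISSING; fi
        echo "$service $path $status"
    done
}

# Constructed sample, not taken from any real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
#pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
echo    stream  tcp  nowait  root  internal
EOF
audit_inetd "$sample"
rm -f "$sample"
```

On a real system, call `audit_inetd` with no argument to read /etc/inetd.conf; any line reported as MISSING or not needed is a candidate for commenting out before sending inetd a SIGHUP.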