For best security, you shouldn't use tcp_wrappers to deny just suspicious
ones - because at that point it may be too late once you notice it.  You
should deny all by default and allow only the ones you know to be
legitimate connections.

Secondly, do you use imap?  Is this machine a mail server that provides
imap services to other computers?  If not, you should disable imapd from
/etc/inetd.conf by commenting it out.

--
Brian Hayward

On Tue, 29 Aug 2000, Scott Kindley wrote:

>Aug 29 04:21:12 ns1 in.telnetd[11975]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11977]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11976]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11978]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11979]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11980]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11981]: refused connect from
>63.145.81.31
>Aug 29 04:21:12 ns1 in.telnetd[11982]: refused connect from
>63.145.81.31
>Aug 29 04:21:13 ns1 in.telnetd[11983]: refused connect from
>63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11984]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11988]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11987]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11985]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11986]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 imapd[11989]: refused connect from 63.145.81.31
>Aug 29 04:21:13 ns1 in.telnetd[11990]: refused connect from
>63.145.81.31
>Aug 29 04:21:13 ns1 in.telnetd[11991]: refused connect from
>63.145.81.31
>Aug 29 04:21:13 ns1 in.telnetd[11992]: refused connect from
>63.145.81.31
>Aug 29 04:21:15 ns1 in.telnetd[11993]: refused connect from
>63.145.81.31
>Aug 29 04:21:15 ns1 imapd[11994]: refused connect from 63.145.81.31
>Aug 29 04:21:16 ns1 imapd[11995]: refused connect from 63.145.81.31
>Aug 29 04:21:16 ns1 imapd[11996]: refused connect from 63.145.81.31
>Aug 29 04:21:16 ns1 imapd[11997]: refused connect from 63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[11998]: refused connect from
>63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[11999]: refused connect from
>63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[12000]: refused connect from
>63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[12001]: refused connect from
>63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[12002]: refused connect from
>63.145.81.31
>Aug 29 04:21:16 ns1 in.telnetd[12003]: refused connect from
>63.145.81.31
>Aug 29 04:21:19 ns1 in.telnetd[12004]: refused connect from
>63.145.81.31
>
>
>Not one of my IPs. Don't know anybody using any IP on that network.
>Any suggestions on how to handle this? It's my first attempt at being
>hacked. I have him blocked with wrappers after a telnet attempt a few
>days ago that I thought looked funny. So for now I think I'm ok. I have
>checked my logs and verified nothing has changed on the system. So
>entry wasn't made. Still the attempt is bugging me.
> 
>- -----
>Scott Kindley
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
>
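
The difference between blocking one address after the fact and denying by default, shown with a simplified model of the tcp_wrappers decision order (hosts.allow is consulted first, then hosts.deny, and no match means access is granted). This is an added example, not part of the original thread; the rule sets, the 192.168.1. prefix and the address 203.0.113.7 are constructed assumptions, and only the ALL, exact-address and trailing-dot prefix patterns are modelled.

```python
# Simplified model of the tcp_wrappers (hosts_access) decision order.
# Modelled patterns: ALL, an exact address, a prefix ending in "." (e.g. "192.168.1.").
# Not modelled: EXCEPT, hostnames, net/mask pairs, shell command options.

def parse_rules(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue  # blank line, comment, or malformed entry
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, address):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return address.startswith(pattern)
    return pattern == address

def any_rule_matches(rules, daemon, address):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, address) for c in clients)
        for daemons, clients in rules
    )

def decide(allow_text, deny_text, daemon, address):
    """hosts.allow first, then hosts.deny; falling through both grants access."""
    if any_rule_matches(parse_rules(allow_text), daemon, address):
        return "granted"
    if any_rule_matches(parse_rules(deny_text), daemon, address):
        return "refused"
    return "granted"

# Constructed rule sets (assumptions, not taken from the poster's machine).
REACTIVE_ALLOW = ""                             # nothing listed
REACTIVE_DENY = "ALL: 63.145.81.31\n"           # block only the address already seen
DEFAULT_ALLOW = "in.telnetd: 192.168.1.\n"      # known-legitimate clients only
DEFAULT_DENY = "ALL: ALL\n"                     # everything else is refused

if __name__ == "__main__":
    for addr in ("63.145.81.31", "203.0.113.7", "192.168.1.10"):
        for daemon in ("in.telnetd", "imapd"):
            print(addr, daemon,
                  "reactive:", decide(REACTIVE_ALLOW, REACTIVE_DENY, daemon, addr),
                  "default-deny:", decide(DEFAULT_ALLOW, DEFAULT_DENY, daemon, addr))
```

Under the reactive rules a source that has not been seen before is still granted access to every wrapped service; under the default-deny rules only the listed prefix reaches in.telnetd and nothing reaches imapd.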


