First question...do you have pop3 running outside of your firewall?  My
guess is yes.
Second question...do you need pop3 running outside of your firewall?
Hopefully not.

I'd rethink your security setup...

The names look to me like hackers...though Beer|Stylez seems like the
friendly sort... ;-)

I killed all POP3 on my servers for this very reason.

-----Original Message-----
From: Peter Kiem [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 23, 2002 6:14 PM
To: [EMAIL PROTECTED]
Subject: Wierd maillogs - hackers perhaps?


On a client's machine I am seeing the following in /var/log/secure:
Jul 24 09:38:57 server xinetd[712]: START: pop3 pid=9265 from=203.206.48.98
Jul 24 09:38:57 server xinetd[9265]: USERID: pop3 UNIX : StyleZdark

but in /var/log/maillog I see:
Jul 24 09:38:57 server ipop3d[9265]: pop3 service init from 203.222.73.162
Jul 24 09:38:58 server ipop3d[9265]: Login user=adam host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0/0
Jul 24 09:38:59 server ipop3d[9265]: Logout user=adam host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0 ndele=0

The POP3 usernames don't match up and neither do the host IP addresses!  The
connection is made from 203.222.73.162 but 203.206.48.98 is checking the
mail?

The POP3 names are things like:
dARk_s7y13z
IcE_StyleZ
stylezIcE
`Ice|Stylez
{Ice^Stylez]
{Beer|Stylez}
StYlEzDark
dark_StYlEz

The names are quite worrying.  Anyone have any idea what is happening here?

Regards,
+-----------------------+---------------------------------+
| Peter Kiem            | E-Mail    : <[EMAIL PROTECTED]> |
| Zordah IT             | Mobile    : +61 0414 724 766    |
|   IT Consultancy &    | WWW       : www.zordah.net      |
|   Internet Hosting    | ICQ       : "Zordah" 866661     |
+-----------------------+---------------------------------+




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
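
The comparison made by hand in the original message can be done by joining /var/log/secure and /var/log/maillog on the daemon PID and reporting where the two logs disagree. This is an added example, not part of the thread; the log lines are the ones quoted above (wrapped lines rejoined), and the names `correlate` and `findings` are hypothetical.

```python
import re
from collections import defaultdict

# Log lines quoted in the message above, with wrapped lines rejoined.
SECURE = """\
Jul 24 09:38:57 server xinetd[712]: START: pop3 pid=9265 from=203.206.48.98
Jul 24 09:38:57 server xinetd[9265]: USERID: pop3 UNIX : StyleZdark
"""
MAILLOG = """\
Jul 24 09:38:57 server ipop3d[9265]: pop3 service init from 203.222.73.162
Jul 24 09:38:58 server ipop3d[9265]: Login user=adam host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0/0
Jul 24 09:38:59 server ipop3d[9265]: Logout user=adam host=203-206-48-98-dial.froggy.com.au [203.206.48.98] nmsgs=0 ndele=0
"""
# xinetd writes USERID when log_on_success includes USERID: it is the remote
# host's RFC 1413 ident reply (client-supplied), not the POP3 login name.
PATTERNS = [
    ("xinetd_from", re.compile(r"xinetd\[\d+\]: START: pop3 pid=(?P<pid>\d+) from=(?P<val>\S+)")),
    ("ident_userid", re.compile(r"xinetd\[(?P<pid>\d+)\]: USERID: pop3 \S+ ?: ?(?P<val>.+)$")),
    ("init_from", re.compile(r"ipop3d\[(?P<pid>\d+)\]: pop3 service init from (?P<val>\S+)")),
    ("login_user", re.compile(r"ipop3d\[(?P<pid>\d+)\]: Login user=(?P<val>\S+)")),
    ("login_addr", re.compile(r"ipop3d\[(?P<pid>\d+)\]: Login user=\S+ host=\S+ \[(?P<val>[^\]]+)\]")),
]

def correlate(secure_text, maillog_text):
    """Group fields from both logs by PID (PIDs recycle, so feed a short time window)."""
    sessions = defaultdict(dict)
    for line in (secure_text + "\n" + maillog_text).splitlines():
        for field, rx in PATTERNS:
            m = rx.search(line)
            if m:
                sessions[m.group("pid")].setdefault(field, m.group("val").strip())
    return dict(sessions)

def findings(session):
    """Return the disagreements between the xinetd and ipop3d view of one session."""
    out = []
    addrs = {session.get(k) for k in ("xinetd_from", "init_from", "login_addr")} - {None}
    if len(addrs) > 1:
        out.append("address mismatch: " + ", ".join(sorted(addrs)))
    ident, user = session.get("ident_userid"), session.get("login_user")
    if ident and user and ident != user:
        out.append(f"ident reply {ident!r} differs from POP3 login {user!r}")
    return out

if __name__ == "__main__":
    for pid, s in correlate(SECURE, MAILLOG).items():
        print(pid, s, findings(s))
```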