[1738] in linux-security and linux-alert archive
[linux-security] Lightning fast attacks?
daemon@ATHENA.MIT.EDU (Eric Wampner)
Sat May 9 01:46:33 1998
Date: Fri, 08 May 1998 09:39:09 -0400
From: Eric Wampner <eww@kataent.com>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
RH4.2 Linux Intel
Last night I got three of these log messages: Two in a row, one a bit later.
May 8 00:35:15 osg-gw imapd[4307]: warning: can't get client address:
Connectio
n reset by peer
May 8 00:35:15 osg-gw imapd[4307]: refused connect from unknown
Now, I have imapd blocked to non-local users using tcpd wrappers, so
tcpd is trying to find the address of the remote machine (all my wrappers
are specified using IP addresses rather than domain names).
I assume that some call (getpeername?) is failing on the connect, so it
rejects the connection.
My question, is the attacker learning anything? Are they able to "time" their
connection requests so they know if you are trying to track them?
eric
--
-
Eric Wampner Orlando Software Group, Inc. eww@kataent.com
Software Engineer (407) 366-0909 wampner.e.w@orlsoftgrp.com
Systems Administrator fax (407) 366-2721 eww@iag.net
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null