[1738] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Lightning fast attacks?

daemon@ATHENA.MIT.EDU (Eric Wampner)
Sat May 9 01:46:33 1998

Date: Fri, 08 May 1998 09:39:09 -0400
From: Eric Wampner <eww@kataent.com>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

RH4.2 Linux Intel

Last night I got three of these log messages: Two in a row, one a bit later.

May  8 00:35:15 osg-gw imapd[4307]: warning: can't get client address:
Connectio
n reset by peer
May  8 00:35:15 osg-gw imapd[4307]: refused connect from unknown

Now, I have imapd blocked to non-local users using tcpd wrappers, so
tcpd is trying to find the address of the remote machine (all my wrappers
are specified using IP addresses rather than domain names).

I assume that some call (getpeername?) is failing on the connect, so it
rejects the connection.

My question, is the attacker learning anything? Are they able to "time" their
connection requests so they know if you are trying to track them?

eric

-- 
-
Eric Wampner          Orlando Software Group, Inc.      eww@kataent.com
Software Engineer           (407) 366-0909       wampner.e.w@orlsoftgrp.com
Systems Administrator     fax (407) 366-2721              eww@iag.net

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post