[101857] in RedHat Linux List
Hacking attempts
daemon@ATHENA.MIT.EDU (Chris Dodd)
Mon Nov 30 00:42:50 1998
Reply-To: "Chris Dodd" <cdodd@kemperjapan.com>
From: "Chris Dodd" <cdodd@kemperjapan.com>
To: <redhat-list@redhat.com>
Date: Mon, 30 Nov 1998 14:40:42 +0900
Resent-From: redhat-list@redhat.com
Hey all.
Is there a good reference to see if people are [trying] hacking your server?
Here is a sample from my secure.1 log.
Nov 25 20:38:13 shrouded in.ftpd[12976]: connect from 24.128.6.166
Nov 25 20:38:14 shrouded in.telnetd[12977]: connect from 24.128.6.166
Nov 25 20:38:14 shrouded in.telnetd[12978]: connect from 24.128.6.166
Nov 25 23:46:37 shrouded ipop3d[13125]: connect from 24.113.41.239
Nov 25 23:46:37 shrouded ipop3d[13125]: error: cannot execute
/usr/sbin/ipop3d:
No such file or directory
Nov 26 02:29:43 shrouded in.telnetd[13264]: connect from 204.254.252.123
Nov 26 02:30:51 shrouded in.telnetd[13265]: connect from 204.254.252.123
Nov 26 03:00:24 shrouded ipop3d[13273]: connect from 24.113.36.228
Nov 26 03:00:24 shrouded ipop3d[13273]: error: cannot execute
/usr/sbin/ipop3d:
No such file or directory
Nov 26 04:21:08 shrouded imapd[13565]: warning: can't get client address:
Connec
tion timed out
Nov 26 04:21:08 shrouded imapd[13565]: connect from unknown
Nov 26 04:21:08 shrouded imapd[13565]: error: cannot execute
/usr/sbin/imapd: No
such file or directory
Nov 26 12:22:20 shrouded imapd[13943]: warning: can't get client address:
Connec
tion reset by peer
Nov 26 12:22:20 shrouded imapd[13943]: connect from unknown
Nov 26 12:22:20 shrouded imapd[13943]: error: cannot execute
/usr/sbin/imapd: No
such file or directory
Nov 26 12:51:23 shrouded imapd[13950]: connect from 130.161.37.152
Nov 26 12:51:23 shrouded imapd[13950]: error: cannot execute
/usr/sbin/imapd: No
such file or directory
None of those IPs are mine. If these are attempts, what do you all suggest
I should do?
Thanks,
Chris
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
