> -----Original Message-----
> From: [EMAIL PROTECTED]@CPR
[mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 27, 2001 8:48 AM
> To: [EMAIL PROTECTED]
> Subject: [cobalt-security] Problems with logcheck readout?
>
>
> Hi,
> I have just installed logcheck and recieved my first e-mail back from
it.
> It contains hundreds of entries and to be honest I don't understand
much of
> it.
> Can you help?
>
> I have included one example of each entry, although most are featured
> many many times.
>
> Mar 27 05:15:03 ns1 sendmail[26811]: NOQUEUE: localhost [127.0.0.1]
did not
> issue MAIL/EXPN/VRFY/ETRN during connection to MTA
^^Normal. Just your system checking your sendmail.^^
> Mar 21 17:15:33 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - no such user
> 'anonymous'
> Mar 21 17:15:35 ns1 last message repeated 4 times
> Mar 21 17:15:35 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - USER anonymous
(Login
> failed): Can't find user.
> Mar 21 17:15:36 ns1 proftpd[16878]: server name
> (ARouen-101-1-1-109.abo.wanadoo.fr[193.251.28.109]) - FTP session
closed.
^^Suspcious. Looks like someone is trying to log in anonymously.^^
> This one appears evey few minutes, hundreds of entries
>
> Mar 22 00:00:01 ns1 proftpd[901]: server name (localhost[127.0.0.1]) -
FTP
> session closed.
> Mar 22 00:00:04 ns1 telnetd[914]: ttloop: read: Broken pipe
^^Normal. Just your system checking your FTP and Telnet.^^
> What does it mean?
> Thanks
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
