logcheck sent me the following. Am I right in assuming that this is an attempt at an 
attack?  I've added the IP address to my ipchains input chain to deny access but I'm 
wondering if I need to do anything else.  Suggestions?  

Thanks!

Jan 6 07:08:27 www sshd[26034]: Did not receive identification string from 213.51.70.147
Jan 6 07:08:26 www in.qpopper[26036]: connect from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: connect from 213.51.70.147
Jan 6 07:17:45 www imapd[26469]: connect from 213.51.70.147
Jan 6 07:08:27 www in.qpopper[26036]: EOF from at 213.51.70.147 (cp101170-b.schoo1.lb.nl.home.com): [0] 29 (Illegal seek); 0 (Success)
Jan 6 07:08:27 www in.qpopper[26036]: (null) at cp101170-b.schoo1.lb.nl.home.com (213.51.70.147): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Jan 6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:08:28 www imapd[26037]: imap service init from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:17:45 www imapd[26469]: imap service init from 213.51.70.147
Jan 6 07:17:58 www imapd[26469]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 08:18:36 www sendmail[26511]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]


I've got the following services listening on the box:

tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:81                    *:*                     LISTEN
tcp        0      0 *:snpp                  *:*                     LISTEN
tcp        0      0 *:7937                  *:*                     LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:7938                  *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 *:617                   *:*                     LISTEN
tcp        0      0 *:imap2                 *:*                     LISTEN
tcp        0      0 *:pop-3                 *:*                     LISTEN

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
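
The log excerpt in the post shows one source address reaching several daemons within a couple of seconds. As an added example (not part of the original post), this Python sketch groups syslog lines by source IP and reports any address that touched several distinct services inside one time window; the sample lines are constructed, and the 60-second window, the three-service threshold and the assumed year are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+([\w.-]+)\[\d+\]:\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines in the same syslog format as the post;
# addresses are from the documentation ranges, not real hosts.
SAMPLE = """\
Jan  6 07:08:26 www in.qpopper[26036]: connect from 192.0.2.10
Jan  6 07:08:27 www sshd[26034]: Did not receive identification string from 192.0.2.10
Jan  6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from host.example [192.0.2.10]
Jan  6 07:08:28 www imapd[26037]: imap service init from 192.0.2.10
Jan  6 07:17:45 www imapd[26469]: imap service init from 192.0.2.10
Jan  6 09:30:02 www imapd[27001]: imap service init from 198.51.100.7
Jan  6 11:02:40 www in.qpopper[27120]: connect from 198.51.100.7
""".splitlines()

def parse(lines, year=2000):
    """Yield (timestamp, service, source_ip) for lines that name an IPv4 address."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        stamp, service, message = m.groups()
        ip = IPV4.search(message)
        if ip:
            # syslog omits the year, so one is assumed
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            yield ts, service, ip.group(0)

def multi_service_sources(lines, window_seconds=60, min_services=3):
    """Map each source IP to the services it touched inside one time window."""
    by_ip = defaultdict(list)
    for ts, service, ip in parse(lines):
        by_ip[ip].append((ts, service))
    window, flagged = timedelta(seconds=window_seconds), {}
    for ip, events in by_ip.items():
        events.sort()
        for start, _ in events:
            seen = {svc for ts, svc in events if start <= ts <= start + window}
            if len(seen) >= min_services and len(seen) > len(flagged.get(ip, ())):
                flagged[ip] = sorted(seen)
    return flagged

if __name__ == "__main__":
    for ip, services in multi_service_sources(SAMPLE).items():
        print(ip, "touched", ", ".join(services))
```

An address that connects to only one or two services, or spreads its connections over hours, is not reported with these settings.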
