--- Sean Ward <[EMAIL PROTECTED]> wrote: > > I have an entry in the logs like this: > > 7 04:44:02 ns sendmail[306]: NOQUEUE: Null > connection from > 24-90-190-122.nyc.rr.com [24.90.190.122] Oct 7 > 05:00:40 ns > in.qpopper[972]: (v?) > > Followed by a legitimate pop login > > After this, several logcheck files are considerably > reduced (3K) and > only show the following info: > > Unusual System Events > =-=-=-=-=-=-=-=-=-=-= > Oct 7 05:30:45 ns named[554]: Cleaned cache of 19 > RRsets > Oct 7 05:30:45 ns named[554]: USAGE 1033986645 > 1033109953 > CPU=5.73u/3.09s CHILDCPU=0u/0s Oct 7 05:30:45 ns > named[554]: NSTATS > 1033986645 1033109953 A=1716 NS=1 CNAME=6 SOA=3 > PTR=2292 MX=971 TXT=1 > AAAA=238 38=228 ANY=764 Oct 7 05:30:45 ns > named[554]: XSTATS 1033986645 > 1033109953 RR=3246 RNXD=92 RFwdR=2005 RDupR=0 > RFail=5 RFErr=0 RErr=1 > RAXFR=0 RLame=10 ROpts=0 SSysQ=1071 SAns=6905 > SFwdQ=1476 SDupQ=134 > SErr=0 RQ=7039 RIQ=1 RFwdQ=1476 RDupQ=3 RTCP=0 > SFwdR=2005 SFail=0 > SFErr=0 SNaAns=3319 SNXD=137 RUQ=0 RURQ=0 RUXFR=0 > RUUpd=0 > > As well, virtual sites were unavailable for a period > of time and the > legitimate POP logins did not function. > > Any ideas what I should do next? > > Thanks, > > Sean > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security I know this isn't much help, but I've seen the same person show up in my logs, quite a few times....BTW, they have a Netopia router at that IP address, OPEN to the public......nudge, nudge, wink, wink........
__________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
