DTH> Date: Fri, 28 Feb 2003 09:54:40 -0500 DTH> From: "Dave @ The Hostworks"
AM> could someone explain whats happening here. AM> I'm new to server admin in general. New to server administration? 1. Read, read, read 2. Read more, read more, read more 3. Read the archives 4. Disable unused services 5. Keep up to date on patches 6. Install at least _some_ firewalling to protect against certain problems. Nothing is a panacea. Vigilant administration is the only way. AM> Feb 27 23:15:15 (none) imapd[19811]: imap service init from 127.0.0.1 AM> Feb 27 23:15:15 (none) imapd[19811]: Logout user=??? host=localhost AM> [127.0.0.1] Probably Cobalt's monitoring, periodically checking to see if IMAP is running. Do you really need IMAP? AM> Feb 27 23:23:06 (none) sendmail[20104]: NOQUEUE: AM> dialpool.seattle.wa.ppp13.screaminet.com [208.186.188.179] (may be forged) AM> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA DTH> from what i see, that looks like someone just scanning for DTH> open relays? No... someone just checking to see if 25/TCP is open. Note that they never gave a MAIL command, which _must_ be done if one is warscanning for open relays. Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to be blocked. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
