Careful there, your e-mail client really mixed that message up, and made it look like I was the person asking that.
Thanks Dave ----- Original Message ----- From: "E.B. Dreger" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 10:34 AM Subject: Re: [cobalt-security] newbie question about portsentry log > DTH> Date: Fri, 28 Feb 2003 09:54:40 -0500 > DTH> From: "Dave @ The Hostworks" > > > AM> could someone explain whats happening here. > AM> I'm new to server admin in general. > > New to server administration? > > 1. Read, read, read > 2. Read more, read more, read more > 3. Read the archives > 4. Disable unused services > 5. Keep up to date on patches > 6. Install at least _some_ firewalling to protect against > certain problems. > > Nothing is a panacea. Vigilant administration is the only way. > > > AM> Feb 27 23:15:15 (none) imapd[19811]: imap service init from 127.0.0.1 > AM> Feb 27 23:15:15 (none) imapd[19811]: Logout user=??? host=localhost > AM> [127.0.0.1] > > Probably Cobalt's monitoring, periodically checking to see if > IMAP is running. Do you really need IMAP? > > > AM> Feb 27 23:23:06 (none) sendmail[20104]: NOQUEUE: > AM> dialpool.seattle.wa.ppp13.screaminet.com [208.186.188.179] (may be forged) > AM> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA > > DTH> from what i see, that looks like someone just scanning for > DTH> open relays? > > No... someone just checking to see if 25/TCP is open. Note that > they never gave a MAIL command, which _must_ be done if one is > warscanning for open relays. > > > Eddy > -- > Brotsman & Dreger, Inc. - EverQuick Internet Division > Bandwidth, consulting, e-commerce, hosting, and network building > Phone: +1 (785) 865-5885 Lawrence and [inter]national > Phone: +1 (316) 794-8922 Wichita > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) > From: A Trap <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Please ignore this portion of my mail signature. > > These last few lines are a trap for address-harvesting spambots. > Do NOT send mail to <[EMAIL PROTECTED]>, or you are likely to > be blocked. > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
