If you're really paranoid..you should format and start over. Otherwise, start running portsentry and logcheck (search freshmeat). Portsentry will block any host that tries to scan you and logcheck will email you weird log entries. Portsentry has blocked at least 10 hosts since I started running it....very useful.
On Mon, Jun 21, 1999 at 04:28:54PM -0500, Marc Mongeon wrote: > It looks like somebody ran some sort of port scanner against your > system, looking for a vulnerability. From the attached logs, it wasn't > obvious that the attack was successful. Did you find evidence on > the system that it had been cracked? It's possible that imapd with- > stood the attack. I'm no security expert, and only responded with > my 2 cents worth to keep the topic from dying. Any input from more > knowledgeable people out there? > > Marc > > > ---------- > Marc Mongeon <[EMAIL PROTECTED]> > Unix Specialist > Ban-Koe Systems > 9100 W Bloomington Fwy > Bloomington, MN 55431-2200 > (612)888-0123, x417 | FAX: (612)888-3344 > ---------- > "It's such a fine line between clever and stupid." > -- David St. Hubbins and Nigel Tufnel of "Spinal Tap" > > > >>> Dan DeMond <[EMAIL PROTECTED]> 06/21 2:44 PM >>> > Hello all, > I'm think that our system may have been cracked. I think they got > in through imapd, because of what was in the logfile(see attachment). > > My question is, did they really get in through imapd? On > www.cert.org there was an advisory for imapd, but that was last year this > time. Cert said the affected versions were <=10.234, while our version > reports 11.241. Are newer versions still vulnerable? > > Thanks in Advance, > Dan DeMond > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > -- Rahsheen Porter <[EMAIL PROTECTED]> <UIN: 2464469>
