> hi everybody,
>
> I�m maintaining 3 different, independent networks, all connected to the
> internet
> for quite a while now I am finding entries of the following form in the
> syslogs of ALL my gateways
>
> in.telnetd: refused IP address
> popper: refused (same) IP address
> (sometimes:) in.telnetd: refused (same) IP address
>
> what are these? I know that somebody is trying to connect to my machine
> on ports where i do not want this to happen - i secured these ports
> quite a while ago now, but what interests me is: what are these people
> trying to do? is this sort of special scanning? breakin attempts? all of
> my gateway machines are running linux, just in case this matters
I have also been observing the same thing.... Port scans on the telnet and
pop3 OR imap ports, then connection attempts if a daemon is found... I
maintain several machines on several networks which are on different net
blocks, and nearly all have been scanned this way.. (not from the same
source address... but as everyone here should know by now, those are easily
spoofed)..
It has led me to wonder if there is a new exploit floating around for the
pop3 daemon, or since it is usually distributed in the same package as the
imap daemon, if they are looking for an imap server or an new exploit in the
pop3 code part of the package.....
--
--
---
Sami Yousif
mailto:[EMAIL PROTECTED]
http://www.mav.net/teddyr/syousif/ personal HP.
http://www.alug.org/ Amarillo Linux Users Group
[eMail sent to any of my addresses is subject to the Conditions outlined
in http://www.mav.net/teddyr/emailtos.shtml]
[Note: I no longer support ARNet (arn.net) as an ISP nor WTAMU
(wtamu.edu) as an educational institution nor LEK (lektech.com) as a
Computer Supplier] {http://www.mav.net/teddyr/access/banned.shtml}
[heard somewhere: "You have the right to remain clueless. Anything you
know may be used against you in a court of law"]
Another day, so many more LARTS to go. [BOFH, BUFH, JOAT]
"Understanding is a three edge sword: Our side, Their Side, and the
Truth" Babylon 5
<time is on my side>
Tuesday, January 19th 2038, 03:14:07 UTC: Are YOU Ready?
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
