Hello friends... I have a small problem with a Linux box that is a mail server (SMTP/POP). Someone is trying to hack my Linux box (according to the logs), but the log is "incomplete" for me to be able to apply a DROP to it (I do this with fail2ban). Here is a sample...
mail:/etc/postfix/maps# cat /var/log/syslog | grep "UNKNOWN USER"
Jul 20 19:00:51 mail popa3d[2118]: Authentication failed for UNKNOWN USER
Jul 20 19:00:53 mail popa3d[2120]: Authentication failed for UNKNOWN USER
Jul 20 19:00:54 mail popa3d[2122]: Authentication failed for UNKNOWN USER
Jul 20 19:00:56 mail popa3d[2124]: Authentication failed for UNKNOWN USER
Jul 20 19:00:58 mail popa3d[2126]: Authentication failed for UNKNOWN USER
Jul 20 19:00:59 mail popa3d[2128]: Authentication failed for UNKNOWN USER
Jul 20 19:01:01 mail popa3d[2130]: Authentication failed for UNKNOWN USER
Jul 20 19:01:02 mail popa3d[2132]: Authentication failed for UNKNOWN USER
Jul 20 19:01:04 mail popa3d[2134]: Authentication failed for UNKNOWN USER
Jul 20 19:01:06 mail popa3d[2136]: Authentication failed for UNKNOWN USER
Jul 20 19:01:08 mail popa3d[2140]: Authentication failed for UNKNOWN USER
Jul 20 19:01:09 mail popa3d[2142]: Authentication failed for UNKNOWN USER
Jul 20 19:01:11 mail popa3d[2144]: Authentication failed for UNKNOWN USER
Jul 20 19:01:12 mail popa3d[2147]: Authentication failed for UNKNOWN USER
Jul 20 19:01:14 mail popa3d[2150]: Authentication failed for UNKNOWN USER
Jul 20 19:01:15 mail popa3d[2152]: Authentication failed for UNKNOWN USER
Jul 20 19:01:18 mail popa3d[2164]: Authentication failed for UNKNOWN USER
Jul 20 19:01:18 mail popa3d[2162]: Authentication failed for UNKNOWN USER

I have:
postfix version = 2.3.8
popa3d version 1.0.2 (2006/05/23)

What can I do so that the log line (syslog or mail.log) shows more information, such as: <IP> - <ACCOUNT> ???

Many thanks in advance!!!
