Linux-Misc Digest #340, Volume #26               Sun, 19 Nov 00 07:13:02 EST

Contents:
  Re: Hacked?  Is that the reason for my new mail problems? (Glitch)
  Re: Hacked?  Is that the reason for my new mail problems? (Harold Stevens ** PLEASE SEE SIG **)
  Re: Why does linux keep crashing? (Thomas Zajic)
  Re: Help me keep my Linux! Groupware solutions? (M. Buchenrieder)

----------------------------------------------------------------------------

Date: Sun, 19 Nov 2000 02:23:34 -0500
From: Glitch <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: Hacked?  Is that the reason for my new mail problems?



mike wrote:
> 
> I could be wrong but it looks like some asshole has been messing around on
> my machine (or trying to) when I go online (from /var/log/secure):

I'm a relative novice but it looks like someone is TRYING to get into
your machine, or at least access various services (telnet, finger, pop3,
imap, telnet, ftp, in that order).  There are 3 different IPs so the
connections may or may not be related.  I could be wrong here but since
you did not have a pop3 or imap server running they weren't able to get in
and do anything; same with ftp.  As for telnet it doesn't show they got
a connection but it doesn't show they didn't either.  Based on my
knowledge I'd say no one has gotten in yet; however, they are trying to,
whether maliciously or not is up to speculation.

As for your actual mail problem it seems that your messages don't know
how to get off of your computer. It stays there and because it's like you
are sending mail to a mail server (your PC in this case) and it really
isn't a mail server you are going to get back messages saying unknown
user because your server isn't a mail server for the person you just sent
mail to.  You will need to figure out why your mail can't get a route to
the Net... most likely your default route is messed up in your routing
table.  It also could be that the mail server specified for mailq is
incorrect and therefore your messages can't get out beyond your PC.

If any of this is wrong, please, someone let me know.

Also, the in.* files are the daemons that run which listen for the
appropriate type of connection (ftp, telnet) so that when someone wants
to ftp to your computer a connection can be established.  For pop3, imap,
and ftp you don't have any daemons listening.

> 
> Oct 21 14:02:47 analog in.telnetd[726]: connect from 207.71.92.221
> Oct 21 14:02:48 analog in.fingerd[728]: connect from 207.71.92.221
> Oct 21 14:02:53 analog ipop3d[730]: connect from 207.71.92.221
> Oct 21 14:02:53 analog ipop3d[730]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Oct 21 14:02:56 analog imapd[732]: connect from 207.71.92.221
> Oct 21 14:02:56 analog imapd[732]: error: cannot execute /usr/sbin/imapd: No such file or directory
> 
> Oct 27 22:02:16 analog in.telnetd[651]: connect from 216.78.184.172
> Oct 27 22:13:30 analog in.telnetd[681]: connect from 216.78.184.172
> 
> Nov 12 18:36:16 analog in.ftpd[863]: connect from 167.206.187.189
> Nov 12 18:36:16 analog in.ftpd[863]: error: cannot execute /usr/sbin/in.ftpd: No such file or directory
> 
> I've telnet'd to the above IPs over the past few days (but obviously can't
> get on) and always get the same machine:
> 
> Red Hat Linux release 6.2 (Zoot)
> Kernel 2.2.14-5.0 on an i686
> login:
> 
> I don't know what any of this 'in.*' stuff is so maybe it's nothing.  But
> my question is that for about two weeks now I've had problems sending
> mail.  I haven't made any changes recently and when I try to email myself
> using my year-old ISP email address the mail never goes out and I get a
> message stating "unknown user."  None of my other mail goes out now either
> - it just sits in /var/spool/mqueue and when I do mailq I get things like
> "Deferred: Network is unreachable."  If I log onto my work machine and
> send mail to the same addresses that fail at home, they go out fine.
> 
> If someone logged onto my machine when I was online could they have messed
> something up so that mail won't go out?  I'm still using the same
> /etc/sendmail.cf which has worked fine for the past year or so.  If
> somebody messed something up where would I look to try and fix it?
> 
> Thanks...
> 
> Mike
> --
> 
> ------------------------
> mhardy@[EMAIL PROTECTED]
> 
> Auntie Em: Hate you, hate Kansas; took the dog - Dorothy

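To make the reading of Mike's /var/log/secure excerpt concrete, here is a small added script (not from anyone in this thread) that parses tcp_wrappers-style lines, ties each "cannot execute" error back to its connect line by daemon name and PID, and flags a source address that touches several services within a short window. The sample input is the log excerpt quoted above; the year, the 60-second window and the three-service threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log excerpt as quoted in the post (wrapped error lines rejoined).
SAMPLE_LOG = """\
Oct 21 14:02:47 analog in.telnetd[726]: connect from 207.71.92.221
Oct 21 14:02:48 analog in.fingerd[728]: connect from 207.71.92.221
Oct 21 14:02:53 analog ipop3d[730]: connect from 207.71.92.221
Oct 21 14:02:53 analog ipop3d[730]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
Oct 21 14:02:56 analog imapd[732]: connect from 207.71.92.221
Oct 21 14:02:56 analog imapd[732]: error: cannot execute /usr/sbin/imapd: No such file or directory
Oct 27 22:02:16 analog in.telnetd[651]: connect from 216.78.184.172
Oct 27 22:13:30 analog in.telnetd[681]: connect from 216.78.184.172
Nov 12 18:36:16 analog in.ftpd[863]: connect from 167.206.187.189
Nov 12 18:36:16 analog in.ftpd[863]: error: cannot execute /usr/sbin/in.ftpd: No such file or directory
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<daemon>[\w.]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^connect from (?P<ip>[\d.]+)$")
CANNOT_RE = re.compile(r"^error: cannot execute (?P<path>\S+): No such file or directory$")

def parse_secure_log(text, year=2000):
    """Return one event per 'connect from' line; a later 'cannot execute' with the
    same daemon and PID (inetd spawned a binary that is not installed) is attached."""
    events, by_pid = [], {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # syslog lines from other daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # year is assumed
        key = (m["daemon"], m["pid"])
        c = CONNECT_RE.match(m["msg"])
        if c:
            ev = {"ts": ts, "daemon": m["daemon"], "ip": c["ip"], "missing": None}
            events.append(ev)
            by_pid[key] = ev
            continue
        e = CANNOT_RE.match(m["msg"])
        if e and key in by_pid:
            by_pid[key]["missing"] = e["path"]
    return events

def summarize(events, window_s=60, min_services=3):
    """Per source IP: services touched, whether it looks like a sweep (>= min_services
    distinct daemons within window_s seconds), and binaries inetd failed to execute."""
    per_ip = defaultdict(list)
    for ev in events:
        per_ip[ev["ip"]].append(ev)
    report = {}
    for ip, evs in per_ip.items():
        evs.sort(key=lambda e: e["ts"])
        services = sorted({e["daemon"] for e in evs})
        span = (evs[-1]["ts"] - evs[0]["ts"]).total_seconds()
        report[ip] = {"services": services,
                      "scan_like": len(services) >= min_services and span <= window_s,
                      "missing_binaries": sorted({e["missing"] for e in evs if e["missing"]})}
    return report
```

The `missing_binaries` list is the part worth acting on locally: each entry is a service still enabled in inetd.conf whose program is not installed, so the line should be removed (or the package installed) rather than left for inetd to keep failing on.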
------------------------------

From: [EMAIL PROTECTED] (Harold Stevens ** PLEASE SEE SIG **)
Subject: Re: Hacked?  Is that the reason for my new mail problems?
Crossposted-To: comp.os.linux.networking
Date: Sun, 19 Nov 2000 10:40:15 GMT

In <[EMAIL PROTECTED]>:

> Oct 21 14:02:47 analog in.telnetd[726]: connect from 207.71.92.221
> Oct 21 14:02:48 analog in.fingerd[728]: connect from 207.71.92.221
> Oct 21 14:02:53 analog ipop3d[730]: connect from 207.71.92.221
> Oct 21 14:02:53 analog ipop3d[730]: error: cannot execute /usr/sbin/ipop3d: No such file or directory
> Oct 21 14:02:56 analog imapd[732]: connect from 207.71.92.221
> Oct 21 14:02:56 analog imapd[732]: error: cannot execute /usr/sbin/imapd: No such file or directory

FWIW...

Sam Spade (http://samspade.org/t/) reports this may be a "Shields Up" probe
(from *anybody anywhere*) to verify your general security level:

              Important - do not complain to ln.net on the grounds of
              anything you see here.

                               Address Digger Results

                                     (Version 3.1beta)
                __________________________________________________________

    Let's go!

              Official name: shieldsup.grc.com

              Addresses: 207.71.92.221

Maybe somebody checking your box for you, or having a bad typo day (?).

> Oct 27 22:02:16 analog in.telnetd[651]: connect from 216.78.184.172
> Oct 27 22:13:30 analog in.telnetd[681]: connect from 216.78.184.172

The telnet probe days later is (to me) more worrisome:

              Important - do not complain to ln.net on the grounds of
              anything you see here.

                               Address Digger Results

                                     (Version 3.1beta)
                __________________________________________________________

    Let's go!

              Official name: adsl-78-184-172.mco.bellsouth.net

              Addresses: 216.78.184.172
                __________________________________________________________

    IP block lookup for 216.78.184.172

              whois -h whois.arin.net 216.78.184.172

    BellSouth.net Inc. (NETBLK-BELLSNET-BLK5)
       301 Perimeter Center North,  Suite 400
       Atlanta, GA 30346
       US

       Netname: BELLSNET-BLK5
       Netblock: 216.76.0.0 - 216.79.255.255
       Maintainer: BELL

      Coordinator:
          Geurin, Joe  (JG726-ARIN)  [EMAIL PROTECTED]
          678-441-7800 (FAX) 678-441-6968

        Domain System inverse mapping provided by:

       NS.BELLSOUTH.NET             205.152.0.5
       NS.ATL.BELLSOUTH.NET         205.152.0.20

       ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

       Record last updated on 12-Sep-2000.
       Database last updated on 18-Nov-2000 18:07:35 EDT.

Apparently somebody on a leased Bell South ADSL line is bored (at best).

Idleness, the devil's workshop, etc....

If this telnet garbage shows up again, I'd ask Bell South about it.

-- 

Regards, Weird (Harold Stevens) * IMPORTANT EMAIL INFO FOLLOWS *
Pardon the bogus email domain (dseg etc.) in place for spambots.
Really it's (wyrd) at raytheon, dotted with com. DO NOT SPAM IT.
Standard Disclaimer: These are my opinions not Raytheon Company.

------------------------------

From: [EMAIL PROTECTED] (Thomas Zajic)
Subject: Re: Why does linux keep crashing?
Reply-To: [EMAIL PROTECTED] (Thomas Zajic)
Date: Sun, 19 Nov 2000 10:45:02 GMT

On Sat, 18 Nov 2000 17:34:42 -0600, Jerry L Kreps wrote:

> "I'm running the latest developement development kernel"
> If it's an odd numbered kernel that says it all.
> [ ... ]

And of course you just *had to* quote the whole freaking 270 lines
to place your two-line answer right *above* it, right? Some people
these days ... *sigh*

Thomas
-- 
=-------------------------------------------------------------------------=
-  Thomas "ZlatkO" Zajic  <[EMAIL PROTECTED]>   Linux-2.2.17/slrn-0.9.6.3pl1  -
-  "It is not easy to cut through a human head with a hacksaw."  (M. C.)  -
=-------------------------------------------------------------------------=

------------------------------

From: [EMAIL PROTECTED] (M. Buchenrieder)
Subject: Re: Help me keep my Linux! Groupware solutions?
Date: Sun, 19 Nov 2000 09:15:43 GMT

[Newsgroups: trimmed]

Michael Merideth <[EMAIL PROTECTED]> writes:

[...]

>Basically this is competing with the idea of an Exchange/Project
>or Domino/Notes or Goldmine/Exchange/Palm Enterprise type solution.  

[...]

How about using Domino for Linux? Should be downloadable from
the Lotus website.

Michael
-- 
Michael Buchenrieder * [EMAIL PROTECTED] * http://www.muc.de/~mibu
          Lumber Cartel Unit #456 (TINLC) & Official Netscum
    Note: If you want me to send you email, don't munge your address.

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.misc) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Misc Digest
******************************
