Maybe I'm just paranoid/desperate, but I've been getting a lot of scans from IP#s in Spain lately, a few attempted FTP logins and SSH connections, and I got this in my logwatch email (not sure what the hell that is but it can't be good):

-----
Aug 23 07:10:43 NS2 rpc.statd[752]: gethostbyname error for ^X? ?^X? ?^Z? ?^Z? ? %8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
-----

So I was thinking, if my machine wasn't as secure as I thought it was (and my D-Link router isn't set up right) and someone does a man-in-the-middle attack to grab plain-text passwords for smtp_auth, how could I tell?

Florian

----- Original Message -----
From: "Florian Hines" <[EMAIL PROTECTED]>
To: "Luau" <[EMAIL PROTECTED]>
Sent: Friday, August 23, 2002 2:08 PM
Subject: [luau] BIG sendmail prob.

> Hi guys,
>
> I've never run into this before so I'm hoping you guys can help me.
>
> Twice in the last few days I've had to recompile the sendmail.mc > sendmail.cf
> because of the following errors.
>
> ---From the logs---
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: SYSERR(root): No local mailer defined: Inappropriate ioctl for device
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: 0: fl=0x8002, mode=20620: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: 1: fl=0x8001, mode=20666: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: 2: fl=0x8001, mode=20666: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: 3: fl=0x2, mode=140777: SOCK localhost->[[UNIX: /dev/log]]
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: SYSERR(root): QueueDirectory (Q) option must be set
> -------------------
>
> And now I have a big problem that I can't figure out.
>
> When someone from the outside tries to connect to sendmail using the domains
> (ex. mail.something.com) I get "Connection Refused"; it works fine if you're
> on the machine and sending mail locally. Sendmail's set up to use SASL. It
> worked fine up until this week; I made no changes whatsoever. (I disabled
> iptables to make sure it's not the firewall.) HTTP, SSH, POP3 and MYSQL all
> connected fine. Anyone have any ideas? I really need help on this one.
>
> Florian
>
> _______________________________________________
> LUAU mailing list
> [EMAIL PROTECTED]
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
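
Added example, not part of the original message: a small Python filter that flags syslog lines like the rpc.statd entry above, where the logged hostname carries printf-style directives (including the %hn write directive) and a long run of \220, syslog's octal escape for byte 0x90. The sample lines, thresholds and function names are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the logwatch excerpt above (shortened).
SAMPLE_LOG = [
    r"Aug 23 07:10:43 NS2 rpc.statd[752]: gethostbyname error for ^X? ?^X? "
    r"%8x%8x%8x%62716x%hn%51859x%hn" + r"\220" * 40,
    "Aug 23 07:11:02 NS2 rpc.statd[752]: gethostbyname error for printhost.example.com",
    "Aug 23 07:12:14 NS2 sshd[901]: Failed password for root from 192.0.2.10 port 4021 ssh2",
]

# Classic BSD syslog layout: timestamp, host, process[pid]: message
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<proc>[\w.\-/]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# printf conversion: %, flags, width, precision, length modifier, conversion char.
# The space flag is left out on purpose so text like "50% not" does not match.
FMT = re.compile(r"%[-+#0]*\d*(?:\.\d+)?(?:hh|h|ll|l|L|q|j|z|t)?([diouxXeEfgGcspn])")
# Eight or more consecutive escaped 0x90 bytes (threshold is an assumption).
NOP_RUN = re.compile(r"(?:\\220){8,}")


def classify(line):
    """Return parsed fields plus the reasons a line looks suspicious, or None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    msg = m["msg"]
    convs = [c.group(1) for c in FMT.finditer(msg)]
    reasons = []
    if "n" in convs:
        reasons.append("write-directive")       # %n / %hn stores a count via a pointer
    if len(convs) >= 4:
        reasons.append("format-directive-run")  # many directives in logged input
    if NOP_RUN.search(msg):
        reasons.append("0x90-run")
    return {"ts": m["ts"], "proc": m["proc"], "pid": int(m["pid"]), "reasons": reasons}


def scan(lines):
    """Keep only the lines that triggered at least one reason."""
    return [r for r in map(classify, lines) if r and r["reasons"]]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["ts"], hit["proc"], hit["pid"], ",".join(hit["reasons"]))
```

A hit means the malformed request reached the daemon and was logged; it does not by itself show whether the service was compromised.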
