On Thu, Jul 11, 2002 at 09:24:57AM -0700, daniel wrote: > i got this in my logwatch email to root the other day: > > g68B22hG013075: g68B24hG013077: DSN: User unknown
The cryptic number is the sendmail message ID. You can grep your maillog for all occurrences of this string if you're interested. What I believe is happening is that somebody is trying to send a message to an unknown user at your site (or it's the bounce of a message back to you when you sent to an unknown user - I can't remember which). > most notably the 'unmatched entries' in things like sendmail, proftpd and > sshd are bothering me. that and the fact that i'm getting tonnes of > attempted annonymous ftp connections when i don't support annonymous ftp and > to my knowledge, i'm not advertising the fact that i'm running an ftp server > anywhere. There will be port scans and you'll get people trying to connect your system regularly. I solved this by disallowing anonymous ftp and ignoring the message (they can't get anywhere anyway). For ssh, I add a hosts.deny and hosts.allow entry to restrict where the ssh connections can come from since I know where I always connect to my home system from. I've got ftp blocked at my firewall currently. -- Ed Wilts, Mounds View, MN, USA mailto:[EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
