[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] local ftp and pop3 logins

Subject: Re: [cobalt-security] local ftp and pop3 logins
From: Gareth Bromley <gbromley@xxxxxxxxxxx>
Date: Thu, 15 Mar 2001 13:24:38 +0000
Organization: Int* Consulting Ltd
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Marc Gear wrote:
> My logs give this a lot throughout the syslog of my raq3
> <start>
> Mar 14 14:15:00 pear in.proftpd[13261]: connect from 127.0.0.1
> Mar 14 14:15:13 pear in.qpopper[13285]: connect from 127.0.0.1
> Mar 14 14:30:00 pear in.proftpd[13897]: connect from 127.0.0.1
> Mar 14 14:30:13 pear in.qpopper[13919]: connect from 127.0.0.1
> <snip>
> it goes on for a long time... Is it something to do with the system monitor
> on the control panel checking these services are okay?  I know i am not
> running any cron jobs that would give this sort of error.
> as it is i know have localhost in my /etc/hosts.deny incase this is a
> security issue, but i wondered what might be causing my machine to keep
> trying its pop and ftp connections...
Its part of the system monitoring. If you place don't have
localhost/127.0.0.1 in host.allow/deny, the control panel will show the
service as yellow instead of green.

Its a pain in the arse, as most of our logs are full of 127.0.0.1,
amking it hard to check for real use/abuse etc.

Hope this helps,

--Gareth

Follow-Ups:
- Re: [cobalt-security] local ftp and pop3 logins
  - From: Mike Coltart
- Re: [cobalt-security] local ftp and pop3 logins
  - From: John Bailey

References:
- [cobalt-security] local ftp and pop3 logins
  - From: Marc Gear

Prev by Date: [cobalt-security] Bind News
Next by Date: [cobalt-security] IPChains etc.
Previous by thread: Re: [cobalt-security] Upgrade of BIND to 8.2.3
Next by thread: Re: [cobalt-security] local ftp and pop3 logins

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index