Re: [cobalt-security] local ftp and pop3 logins
- Subject: Re: [cobalt-security] local ftp and pop3 logins
- From: Gareth Bromley <gbromley@xxxxxxxxxxx>
- Date: Thu, 15 Mar 2001 13:24:38 +0000
- Organization: Int* Consulting Ltd
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Marc Gear wrote:
> My logs give this a lot throughout the syslog of my raq3
> <start>
> Mar 14 14:15:00 pear in.proftpd[13261]: connect from 127.0.0.1
> Mar 14 14:15:13 pear in.qpopper[13285]: connect from 127.0.0.1
> Mar 14 14:30:00 pear in.proftpd[13897]: connect from 127.0.0.1
> Mar 14 14:30:13 pear in.qpopper[13919]: connect from 127.0.0.1
> <snip>
> It goes on for a long time... Is it something to do with the system monitor
> on the control panel checking these services are okay? I know I am not
> running any cron jobs that would give this sort of error.
> As it is I now have localhost in my /etc/hosts.deny in case this is a
> security issue, but I wondered what might be causing my machine to keep
> trying its pop and ftp connections...
It's part of the system monitoring. If you place don't have
localhost/127.0.0.1 in host.allow/deny, the control panel will show the
service as yellow instead of green.
It's a pain in the arse, as most of our logs are full of 127.0.0.1,
making it hard to check for real use/abuse etc.
Hope this helps,
--Gareth
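
An added example, not part of the original messages: one way to separate the monitor's loopback probes from the connections worth reviewing, for syslog lines in the format quoted above. The sample input is constructed (the two non-loopback lines use documentation addresses), and the function name and the "refused connect from" handling are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread; the two
# non-loopback lines are invented for illustration.
SAMPLE = """\
Mar 14 14:15:00 pear in.proftpd[13261]: connect from 127.0.0.1
Mar 14 14:15:13 pear in.qpopper[13285]: connect from 127.0.0.1
Mar 14 14:21:47 pear in.proftpd[13502]: connect from 192.0.2.44
Mar 14 14:30:00 pear in.proftpd[13897]: connect from 127.0.0.1
Mar 14 14:30:13 pear in.qpopper[13919]: connect from 127.0.0.1
Mar 14 14:31:02 pear in.qpopper[13950]: refused connect from 198.51.100.7
"""

# TCP-wrapper style line: timestamp, host, service[pid], optional "refused".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
    r"(?P<svc>[\w.-]+)\[\d+\]: (?P<refused>refused )?connect from (?P<src>\S+)$"
)
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def split_connects(text):
    """Return (monitor_counts, review_events) for connect lines in text.

    Accepted loopback connects are only counted per service. Everything
    else, including a refused loopback connect (the monitor being blocked
    by hosts.deny), is kept as (timestamp, service, source, refused).
    """
    monitor = Counter()
    review = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a connect line; ignore
        refused = bool(m["refused"])
        if m["src"] in LOOPBACK and not refused:
            monitor[m["svc"]] += 1
        else:
            review.append((m["ts"], m["svc"], m["src"], refused))
    return monitor, review


if __name__ == "__main__":
    counts, events = split_connects(SAMPLE)
    print("loopback probes per service:", dict(counts))
    for ts, svc, src, refused in events:
        print(ts, svc, src, "REFUSED" if refused else "accepted")
```
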