
Re: [cobalt-security] logs



> 1. I have more than 1000 records of this every day:
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> May 13 01:45:08 www sendmail[16395]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Actually you should have this exactly 96 times per day.
It is not an attack, it's the active monitor checking your machine out
every 15 minutes.
If you don't want to see it, tell your logcheck config file to ignore
it.


> 2. This appears many 1000 times every day, these last days:
> May 12 04:18:27 www named[5605]: Lame server on '70.39.117.211.in-addr.arpa' (in '117.211.in-addr.arpa'?): [134.75.30.1].53 'ns.kreonet.re.kr'

This means that the server that 'ns.kreonet.re.kr' is *supposed* to
be, isn't configured properly.
It's also not an attack, it's a notice to you that your machine could
not forward someone on to a web site on the server 'ns.kreonet.re.kr'
because that server is not set up like it's supposed to be.

You can also tweak your logcheck config file to ignore these and not
show them to you.
Do a search on Google for both of these messages (make it more generic
though, like 'lame server messages') and you'll get an entire night's
worth of reading back on the subject.

CarrieB
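
An added example, not part of the original reply: ignore patterns of the kind a logcheck ignore file holds, applied to sample lines, with a per-day count of the localhost probes set against the 96 the reply expects. The patterns, the function names and the middle two log lines are constructed for illustration, and Python's `re` stands in for logcheck's own matching.

```python
import re
from collections import Counter

# Logcheck-style ignore patterns (extended regexes), constructed for this example.
# The sendmail one is pinned to localhost so probes from other hosts still show up.
IGNORE = [re.compile(p) for p in (
    r"sendmail\[[0-9]+\]: NOQUEUE: localhost \[127\.0\.0\.1\] did not issue "
    r"MAIL/EXPN/VRFY/ETRN during connection to MTA$",
    r"named\[[0-9]+\]: Lame server on ",
)]
EXPECTED_PROBES_PER_DAY = 24 * 60 // 15  # one monitor check every 15 minutes = 96

# First and last lines are from the thread; the middle two are constructed.
SAMPLE_LOG = """\
May 13 01:45:08 www sendmail[16395]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 13 02:00:09 www sendmail[16512]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 13 02:03:41 www sendmail[16530]: NOQUEUE: host.example [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
May 12 04:18:27 www named[5605]: Lame server on '70.39.117.211.in-addr.arpa' (in '117.211.in-addr.arpa'?): [134.75.30.1].53 'ns.kreonet.re.kr'
""".splitlines()


def still_reported(lines):
    """Lines no ignore pattern matches, i.e. what the report would still show."""
    return [ln for ln in lines if not any(p.search(ln) for p in IGNORE)]


def probes_per_day(lines):
    """Count localhost monitor probes per syslog day (key such as 'May 13')."""
    return Counter(ln[:6] for ln in lines if IGNORE[0].search(ln))


def days_over_expected(counts):
    """Days with more localhost probes than the 15-minute monitor alone explains."""
    return {d: n for d, n in counts.items() if n > EXPECTED_PROBES_PER_DAY}


if __name__ == "__main__":
    for ln in still_reported(SAMPLE_LOG):
        print("REPORT:", ln)
    counts = probes_per_day(SAMPLE_LOG)
    print("probes per day:", dict(counts))
    print("over expected:", days_over_expected(counts))
```

Pinning the sendmail pattern to `localhost [127.0.0.1]` keeps the same message from any other host in the report, and a day that counts well above 96 localhost probes means something besides the monitor is connecting locally.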