[cobalt-security] Attempted attack?
- Subject: [cobalt-security] Attempted attack?
 
- From: loptson@xxxxxxxxxxxx
 
- Date: Sun, 06 Jan 2002 21:24:04 -0500
 
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
 
logcheck sent me the following. Am I right in assuming that this is an attempt at an attack? I've added the IP address to my ipchains input chain to deny access but I'm wondering if I need to do anything else. Suggestions?
Thanks!
Jan 6 07:08:27 www sshd[26034]: Did not receive identification string from 213.51.70.147 
Jan 6 07:08:26 www in.qpopper[26036]: connect from 213.51.70.147 
Jan 6 07:08:28 www imapd[26037]: connect from 213.51.70.147 
Jan 6 07:17:45 www imapd[26469]: connect from 213.51.70.147 
Jan 6 07:08:27 www in.qpopper[26036]: EOF from at 213.51.70.147 (cp101170-b.schoo1.lb.nl.home.com): [0] 29 (Illegal seek); 0 (Success) 
Jan 6 07:08:27 www in.qpopper[26036]: (null) at cp101170-b.schoo1.lb.nl.home.com (213.51.70.147): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success) 
Jan 6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147] 
Jan 6 07:08:28 www imapd[26037]: imap service init from 213.51.70.147 
Jan 6 07:08:28 www imapd[26037]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147] 
Jan 6 07:17:45 www imapd[26469]: imap service init from 213.51.70.147 
Jan 6 07:17:58 www imapd[26469]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 08:18:36 www sendmail[26511]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
I've got the following services listening on the box:
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 *:81                    *:*                     LISTEN
tcp        0      0 *:snpp                  *:*                     LISTEN
tcp        0      0 *:7937                  *:*                     LISTEN
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:7938                  *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 *:617                   *:*                     LISTEN
tcp        0      0 *:imap2                 *:*                     LISTEN
tcp        0      0 *:pop-3                 *:*                     LISTEN
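
An added example, not part of the original message: a short Python script that groups syslog lines like those quoted above by source address and reports any address that reached several distinct daemons within a short window. The function names, the threshold of three services and the 60-second window are assumptions chosen for illustration; the sample input is a subset of the log lines in the message.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the log lines quoted in the message above.
SAMPLE = """\
Jan 6 07:08:27 www sshd[26034]: Did not receive identification string from 213.51.70.147
Jan 6 07:08:26 www in.qpopper[26036]: connect from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: connect from 213.51.70.147
Jan 6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:17:45 www imapd[26469]: connect from 213.51.70.147
"""

# Classic syslog layout: "Mon D HH:MM:SS host daemon[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.\-]+)\[\d+\]: (.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def summarize(text, year=2002):
    """Map source IP -> {daemon: [timestamps]} for each line naming an IPv4 address."""
    seen = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog line (e.g. netstat output)
        stamp, daemon, msg = m.groups()
        ip = IPV4.search(msg)
        if ip:
            # syslog omits the year, so it is supplied by the caller
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            seen[ip.group()][daemon].append(when)
    return seen

def multi_service_sources(text, min_services=3, window_seconds=60):
    """Return {ip: daemons} for sources seen by >= min_services daemons in one window."""
    flagged = {}
    for ip, per_daemon in summarize(text).items():
        events = sorted((t, d) for d, ts in per_daemon.items() for t in ts)
        for i, (start, _) in enumerate(events):
            in_window = {d for t, d in events[i:]
                         if (t - start).total_seconds() <= window_seconds}
            if len(in_window) >= min_services:
                flagged[ip] = sorted(in_window)
                break
    return flagged

if __name__ == "__main__":
    for ip, daemons in multi_service_sources(SAMPLE).items():
        print(f"{ip}: {len(daemons)} services within 60s: {', '.join(daemons)}")
```
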