[cobalt-security] Attempted attack?
- Subject: [cobalt-security] Attempted attack?
- From: loptson@xxxxxxxxxxxx
- Date: Sun, 06 Jan 2002 21:24:04 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
logcheck sent me the following. Am I right in assuming that this is an attempt at an attack? I've added the IP address to my ipchains input chain to deny access but I'm wondering if I need to do anything else. Suggestions?
Thanks!
Jan 6 07:08:27 www sshd[26034]: Did not receive identification string from 213.51.70.147
Jan 6 07:08:26 www in.qpopper[26036]: connect from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: connect from 213.51.70.147
Jan 6 07:17:45 www imapd[26469]: connect from 213.51.70.147
Jan 6 07:08:27 www in.qpopper[26036]: EOF from at 213.51.70.147 (cp101170-b.schoo1.lb.nl.home.com): [0] 29 (Illegal seek); 0 (Success)
Jan 6 07:08:27 www in.qpopper[26036]: (null) at cp101170-b.schoo1.lb.nl.home.com (213.51.70.147): -ERR POP EOF or I/O Error: 29 (Illegal seek); 0 (Success)
Jan 6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:08:28 www imapd[26037]: imap service init from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:17:45 www imapd[26469]: imap service init from 213.51.70.147
Jan 6 07:17:58 www imapd[26469]: Command stream end of file, while reading line user=??? host=cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 08:18:36 www sendmail[26511]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
I've got the following services listening on the box:
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:81 *:* LISTEN
tcp 0 0 *:snpp *:* LISTEN
tcp 0 0 *:7937 *:* LISTEN
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:7938 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 *:617 *:* LISTEN
tcp 0 0 *:imap2 *:* LISTEN
tcp 0 0 *:pop-3 *:* LISTEN
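
The pattern in the log excerpt above, one source address touching sshd, qpopper, imapd and sendmail within a couple of seconds, can be flagged automatically from syslog. This added example is not part of the original post; the function names, the 10-second window, the three-service threshold and the year 2002 (taken from the Date header, since syslog lines carry no year) are assumptions, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First five lines are copied from the post; the last one is constructed for contrast.
SAMPLE = """\
Jan 6 07:08:27 www sshd[26034]: Did not receive identification string from 213.51.70.147
Jan 6 07:08:26 www in.qpopper[26036]: connect from 213.51.70.147
Jan 6 07:08:28 www imapd[26037]: connect from 213.51.70.147
Jan 6 07:08:28 www sendmail[26035]: NOQUEUE: Null connection from cp101170-b.schoo1.lb.nl.home.com [213.51.70.147]
Jan 6 07:17:45 www imapd[26469]: connect from 213.51.70.147
Jan 6 09:30:02 www imapd[27001]: connect from 192.0.2.10
"""

# "Mon D HH:MM:SS host daemon[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: (.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse(text, year=2002):
    """Yield (timestamp, daemon, source_ip) for each line that names an IPv4 address."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ips = IPV4.findall(m.group(3))
        if ips:
            # Syslog omits the year, so it is supplied by the caller (assumption).
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), ips[-1]

def multi_service_sources(text, window=timedelta(seconds=10), min_services=3):
    """Map each source IP to the daemons it touched, if >= min_services fall in one window."""
    events = defaultdict(list)
    for ts, daemon, ip in parse(text):
        events[ip].append((ts, daemon))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for start, _ in evs:
            # Distinct daemons contacted in the window opening at this event.
            seen = {d for t, d in evs if start <= t <= start + window}
            if len(seen) >= min_services:
                flagged[ip] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    print(multi_service_sources(SAMPLE))
```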