[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Trying to break a passwd?

Subject: [cobalt-security] Trying to break a passwd?
From: "jorge" <jorge@xxxxxxxxxxxxxxxx>
Date: Sun, 24 Feb 2002 14:37:22 -0600
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi everybody,

I'm getting the following report from logcheck from this morning at 4  
up to now being repeated every 2:xx minutes.
Now, please notice the IP number is the local route to get to the 
server to check mail (if I block it, 95% of my customers won't be able 
to read mail nor see their web sites).
Seems to me like someone is trying to break this user's paswwd. 
What do you think ? 
How can I correct the "not issue MAIL/EXPN/VRFY/ETRN during connection 
to MTA" ?

Feb 24 12:30:03 www sendmail[31012]: NOQUEUE: localhost [127.0.0.1] did 
not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 24 12:32:58 www in.qpopper[31132]: (v?) POP login by 
user "adrianac" at (200.66.165.18) 200.66.165.18
Feb 24 12:34:01 www in.qpopper[31171]: (v?) POP login by 
user "adrianac" at (200.66.165.18) 200.66.165.18
... and  keeps going

Thanks in advance for your help

Jorge Ceballos
--

Follow-Ups:
- Re: [cobalt-security] Trying to break a passwd?
  - From: Gerald Waugh
- Re: [cobalt-security] Trying to break a passwd?
  - From: David Lucas

Prev by Date: Re: [cobalt-security] Updated RPMS for proftpd, imapd and qpopper
Next by Date: Re: [cobalt-security] Trying to break a passwd?
Previous by thread: [cobalt-security] Secure Certificate Expired even with root CA?
Next by thread: Re: [cobalt-security] Trying to break a passwd?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index