
Re: [cobalt-security] Trying to break a passwd?



On Sunday 24 February 2002 03:37 pm, jorge wrote:
> Hi everybody,
>
> I'm getting the following report from logcheck from this morning at 4
> up to now being repeated every 2:xx minutes.
> Now, please notice the IP number is the local route to get to the
> server to check mail (if I block it, 95% of my customers won't be able
> to read mail nor see their web sites).
> Seems to me like someone is trying to break this user's passwd.
> What do you think?
> How can I correct the "not issue MAIL/EXPN/VRFY/ETRN during connection
> to MTA" ?

This entry is probably from the active monitor program, run every 15 minutes;
it connects to see if sendmail is running and then abruptly disconnects.

> Feb 24 12:30:03 www sendmail[31012]: NOQUEUE: localhost [127.0.0.1] did
> not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

These are one of your users??? logging in to get his mail; he probably has
his email client set up to connect every two minutes.

> Feb 24 12:32:58 www in.qpopper[31132]: (v?) POP login by
> user "adrianac" at (200.66.165.18) 200.66.165.18

> Feb 24 12:34:01 www in.qpopper[31171]: (v?) POP login by
> user "adrianac" at (200.66.165.18) 200.66.165.18

--
Gerald Waugh
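
One way to check the reading given in this reply against the log itself, as an added example that is not part of the original post: group the sendmail "did not issue MAIL/EXPN/VRFY/ETRN" entries and the qpopper "POP login" entries by source and test whether their spacing is regular, as a scheduled monitor or a polling mail client would produce. The sample lines are constructed in the format quoted above; the user names, addresses, timestamps, the `summarize` function and the 10% jitter threshold are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample in the syslog format quoted in the thread
# (user names, addresses and timestamps are made up for the example).
SAMPLE_LOG = """\
Feb 24 12:30:03 www sendmail[31012]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 24 12:30:58 www in.qpopper[31100]: (v?) POP login by user "alice" at (192.0.2.10) 192.0.2.10
Feb 24 12:31:10 www in.qpopper[31105]: (v?) POP login by user "bob" at (198.51.100.7) 198.51.100.7
Feb 24 12:31:40 www in.qpopper[31110]: (v?) POP login by user "bob" at (198.51.100.7) 198.51.100.7
Feb 24 12:32:58 www in.qpopper[31132]: (v?) POP login by user "alice" at (192.0.2.10) 192.0.2.10
Feb 24 12:35:01 www in.qpopper[31171]: (v?) POP login by user "alice" at (192.0.2.10) 192.0.2.10
Feb 24 12:37:00 www in.qpopper[31204]: (v?) POP login by user "alice" at (192.0.2.10) 192.0.2.10
Feb 24 12:45:02 www sendmail[31390]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 24 12:52:06 www in.qpopper[31480]: (v?) POP login by user "bob" at (198.51.100.7) 198.51.100.7
Feb 24 13:00:03 www sendmail[31702]: NOQUEUE: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

TS = r"^(\w{3} +\d+ [\d:]{8}) \S+ "
POP = re.compile(TS + r'in\.qpopper\[\d+\]: .*POP login by user "([^"]+)" at \(([^)]*)\) (\S+)')
NOQ = re.compile(TS + r"sendmail\[\d+\]: NOQUEUE: \S+ \[([^\]]+)\] did not issue")

def summarize(log, year=2002, max_jitter=0.1):
    """Group events by (kind, user, source address) and report how regular they are."""
    events = defaultdict(list)
    for line in log.splitlines():
        if m := POP.match(line):
            key = ("pop-login", m.group(2), m.group(4))
        elif m := NOQ.match(line):
            key = ("smtp-no-command", "-", m.group(2))
        else:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        events[key].append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    report = {}
    for key, times in events.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Periodic: at least three events whose gaps vary by no more than max_jitter of the mean.
        periodic = len(gaps) >= 2 and pstdev(gaps) <= max_jitter * mean(gaps)
        report[key] = {"count": len(times),
                       "mean_gap_s": round(mean(gaps)) if gaps else None,
                       "periodic": periodic}
    return report
```

Regular spacing only shows that a source behaves like a scheduled job or a polling client; the script looks at the two entry types quoted in the thread and says nothing about failed logins.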