
Re: [cobalt-security] newbie question about portsentry log



Careful there, your e-mail client really mixed that message up, and made it
look like I was the person asking that.

Thanks
Dave
----- Original Message -----
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, February 28, 2003 10:34 AM
Subject: Re: [cobalt-security] newbie question about portsentry log


> DTH> Date: Fri, 28 Feb 2003 09:54:40 -0500
> DTH> From: "Dave @ The Hostworks"
>
>
> AM> could someone explain what's happening here.
> AM> I'm new to server admin in general.
>
> New to server administration?
>
> 1. Read, read, read
> 2. Read more, read more, read more
> 3. Read the archives
> 4. Disable unused services
> 5. Keep up to date on patches
> 6. Install at least _some_ firewalling to protect against
>    certain problems.
>
> Nothing is a panacea.  Vigilant administration is the only way.
>
>
> AM> Feb 27 23:15:15 (none) imapd[19811]: imap service init from 127.0.0.1
> AM> Feb 27 23:15:15 (none) imapd[19811]: Logout user=??? host=localhost
> AM> [127.0.0.1]
>
> Probably Cobalt's monitoring, periodically checking to see if
> IMAP is running.  Do you really need IMAP?
>
>
> AM> Feb 27 23:23:06 (none) sendmail[20104]: NOQUEUE:
> AM> dialpool.seattle.wa.ppp13.screaminet.com [208.186.188.179] (may be forged)
> AM> did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> DTH> from what I see, that looks like someone just scanning for
> DTH> open relays?
>
> No... someone just checking to see if 25/TCP is open.  Note that
> they never gave a MAIL command, which _must_ be done if one is
> warscanning for open relays.
>
>
> Eddy
> --
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Bandwidth, consulting, e-commerce, hosting, and network building
> Phone: +1 (785) 865-5885 Lawrence and [inter]national
> Phone: +1 (316) 794-8922 Wichita
>
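
Added example (not part of the original thread): a small Python triage of the two log patterns discussed above. It separates SMTP connections that never issued MAIL/EXPN/VRFY/ETRN from ones that actually submitted mail, and counts loopback IMAP checks. The sample log is constructed, its addresses are documentation ranges, and the function name and repeat threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread.
SAMPLE_LOG = """\
Feb 27 23:15:15 (none) imapd[19811]: imap service init from 127.0.0.1
Feb 27 23:15:15 (none) imapd[19811]: Logout user=??? host=localhost [127.0.0.1]
Feb 27 23:23:06 (none) sendmail[20104]: NOQUEUE: host1.example.net [192.0.2.10] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 27 23:40:01 (none) sendmail[20311]: NOQUEUE: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 27 23:40:09 (none) sendmail[20312]: NOQUEUE: [198.51.100.7] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Feb 27 23:41:30 (none) sendmail[20340]: h1S4fUx20340: from=<a@example.org>, size=812, nrcpts=1, relay=[203.0.113.5]
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Client connected to the MTA but never issued a mail command.
PROBE = re.compile(
    r"sendmail\[\d+\]: NOQUEUE: .*?\[" + IP + r"\].*did not issue MAIL/EXPN/VRFY/ETRN"
)
# Client got as far as MAIL (a message was accepted for queueing).
MAIL = re.compile(r"sendmail\[\d+\]: \w+: from=<[^>]*>.*relay=.*\[" + IP + r"\]")
# IMAP activity from the loopback address (local service check).
LOCAL_IMAP = re.compile(r"imapd\[\d+\]: .*(?:from 127\.0\.0\.1|\[127\.0\.0\.1\])")


def triage(log_text, repeat_threshold=2):
    """Classify log lines; repeat_threshold is an assumed cut-off for review."""
    probes, senders, local_checks = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if m := PROBE.search(line):
            probes[m.group(1)] += 1
        elif m := MAIL.search(line):
            senders[m.group(1)] += 1
        elif LOCAL_IMAP.search(line):
            local_checks += 1
    return {
        "connect_only": dict(probes),      # port 25 touched, no MAIL given
        "sent_mail": dict(senders),        # sources that did issue MAIL
        "local_imap_checks": local_checks,
        "repeat_probers": sorted(
            ip for ip, n in probes.items() if n >= repeat_threshold
        ),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```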