Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Attack ??
« previous next »
Pages: [1]   Go Down

Attack ??

  • 3 Replies
  • 881 Views

Rick

Attack ??
« on: March 30, 2001, 11:29:28 PM »
When i take a look at the /etc/messages file a see this entry:

Mar 30 12:47:44 server xinetd[514]: START: pop-3 pid=16633 from=www.xxx.yyy.zzz
Mar 30 12:53:25 server xinetd[514]: START: pop-3 pid=16643 from=www.xxx.yyy.zzz
Mar 30 12:59:04 server xinetd[514]: START: pop-3 pid=16650 from=www.xxx.yyy.zzz
Mar 30 13:04:43 server xinetd[514]: START: pop-3 pid=16661 from=www.xxx.yyy.zzz
Mar 30 13:10:22 server xinetd[514]: START: pop-3 pid=16675 from=www.xxx.yyy.zzz
Mar 30 13:16:02 server xinetd[514]: START: pop-3 pid=16683 from=www.xxx.yyy.zzz
Mar 30 13:21:43 server xinetd[514]: START: pop-3 pid=16692 from=www.xxx.yyy.zzz

I see i happening for the whole day now. Could this be a hack going on?
Logged

diaolin

Re: Attack ??
« Reply #1 on: March 31, 2001, 11:13:26 PM »
Of course this can be a passwd cracker due to this continuous bouncing......but too much time between connections ........every 5 minutes but it can be even a client configured for testing if it has new mail every 5 minutes..........like Outlook Espress.
Ciao Diaolin
Logged

Rick

Re: Attack ??
« Reply #2 on: April 01, 2001, 12:37:22 PM »
Is seems to be someone who did not configure his email client properly now. The interval is still at 5 minutes, and only during office hours. Is there a way to figure out who is the person behind this mistake?
Logged

Fran Boon

Re: Attack ??
« Reply #3 on: April 02, 2001, 12:12:36 AM »
Check /var/log/secure

This should show which user is using either POP-3 or IMAP continually...

F
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Attack ??