That looks like pop connections. But why it is in /var/log/secure I don't know. From what I can tell that looks like nothing to worry about. Just one of your customers poping their mail..... unless you don't have any customers in Italy ;-)
Charlie
-----Original Message-----
From: Erik O [mailto:erik@xxxxxxxxx]
Sent: Wednesday, March 15, 2000 1:28 PM
To: cobalt-users@xxxxxxxxxxxxx; Brian Curtis; Mat Kovach; Joe Kerns
Subject: [cobalt-users] RaQ1: Hacker Login?
I have a few strange logins recorded in /var/log/secure
I can figure out what it is [ipop2d]. Here's the entry...
Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131
Mar 13 18:55:37 ns ipop2d[21806]: connect from 207.253.51.131
It has accepted connections from two IP's since the log rotated.
207.253.51.131
130.251.169.187
The last one resolves to ....
Name: ciclamino.dibe.unige.it
I just don't like the looks of this. I can't seem to find this service
running anywhere.
Help? :)
Erik
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users