Re: [cobalt-users] RaQ1: Hacker Login?
- Subject: Re: [cobalt-users] RaQ1: Hacker Login?
- From: Erik O <erik@xxxxxxxxx>
- Date: Wed Mar 15 11:56:51 2000
I don't have customers in Italy. Couldn't be.
What has me concerned is that all my pop connections refer to [qpopper]
and I can't rest until I find out what this [ipop2d] is that's
allowing connections from .it
Also, I've only had 2 connections to this service in the last month or
so.
Any ideas?
Erik
> cwickham@xxxxxxxxxxxxxxxx wrote:
>
> That looks like pop connections. But why it is in /var/log/secure I
> don't know. From what I can tell that looks like nothing to worry
> about. Just one of your customers popping their mail..... unless you
> don't have any customers in Italy ;-)
>
> Charlie
>
> -----Original Message-----
> From: Erik O [mailto:erik@xxxxxxxxx]
> Sent: Wednesday, March 15, 2000 1:28 PM
> To: cobalt-users@xxxxxxxxxxxxx; Brian Curtis; Mat Kovach; Joe Kerns
> Subject: [cobalt-users] RaQ1: Hacker Login?
>
> I have a few strange logins recorded in /var/log/secure
>
> I can figure out what it is [ipop2d]. Here's the entry...
>
> Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131
> Mar 13 18:55:37 ns ipop2d[21806]: connect from 207.253.51.131
>
> It has accepted connections from two IPs since the log rotated.
>
> 207.253.51.131
> 130.251.169.187
>
> The last one resolves to ....
> Name: ciclamino.dibe.unige.it
>
> I just don't like the looks of this. I can't seem to find this service
> running anywhere.
>
> Help? :)
>
> Erik
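
Added example, not part of the original thread: a Python script that tallies `connect from` lines of the shape quoted above per daemon and source address, then looks for the inetd.conf entry that launches a named daemon. It assumes the daemon is started on demand by inetd, which the thread does not confirm; the last two log lines and all inetd.conf lines are constructed samples.

```python
import re
from collections import defaultdict

# Line shape from the thread: "Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131"
CONNECT_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<daemon>[\w.-]+)\[\d+\]:\sconnect from (?P<src>\S+)$"
)

# First two lines are quoted from the thread; the last two are constructed samples.
SAMPLE_LOG = [
    "Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131",
    "Mar 13 18:55:37 ns ipop2d[21806]: connect from 207.253.51.131",
    "Mar 14 02:10:05 ns ipop2d[22411]: connect from 130.251.169.187",
    "Mar 14 02:11:40 ns login[22420]: ROOT LOGIN ON tty1",
]

# Constructed inetd.conf lines (assumed layout, not the RaQ's actual file).
SAMPLE_INETD = [
    "#imap   stream  tcp  nowait  root  /usr/sbin/tcpd  imapd",
    "pop-2   stream  tcp  nowait  root  /usr/sbin/tcpd  ipop2d",
    "pop-3   stream  tcp  nowait  root  /usr/sbin/tcpd  in.qpopper",
]

def summarize_connects(lines):
    """Return {daemon: {source: count}} for 'connect from' log lines."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = CONNECT_RE.match(line.strip())
        if m:
            summary[m["daemon"]][m["src"]] += 1
    return {d: dict(s) for d, s in summary.items()}

def inetd_entries(conf_lines, daemon):
    """Return (service, server_path) for active inetd.conf lines that launch `daemon`."""
    hits = []
    for line in conf_lines:
        fields = line.split()
        if len(fields) < 6 or line.lstrip().startswith("#"):
            continue  # skip comments (disabled services) and malformed lines
        # fields: service socktype proto wait user server [args...]
        server, args = fields[5], fields[6:]
        names = [server.rsplit("/", 1)[-1]] + [a.rsplit("/", 1)[-1] for a in args[:1]]
        if daemon in names:
            hits.append((fields[0], server))
    return hits

if __name__ == "__main__":
    for daemon, sources in summarize_connects(SAMPLE_LOG).items():
        print(daemon, sources, inetd_entries(SAMPLE_INETD, daemon))
```

A daemon that appears in the log summary but has no active inetd.conf entry and no listening process is the case worth investigating further; an active entry explains why nothing shows up in the process list between connections.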