Re: [cobalt-users] RaQ1: Hacker Login?
- Subject: Re: [cobalt-users] RaQ1: Hacker Login?
- From: "Gerald Waugh" <gerald@xxxxxxxxx>
- Date: Wed Mar 15 21:08:16 2000
ciclamino.dibe.unige.it [130.251.169.187]
----- Original Message -----
From: Jason Wong <support@xxxxxxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, March 16, 2000 12:00 AM
Subject: RE: [cobalt-users] RaQ1: Hacker Login?
> I've got the same problem, here's an extract from my secure log:
>
> Mar 5 04:02:47 symbol ipop2d[8674]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8673]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8675]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8676]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8677]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8678]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8679]: connect from 130.251.169.187
> Mar 5 04:02:47 symbol ipop2d[8680]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8681]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8682]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8684]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8683]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8686]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8685]: connect from 130.251.169.187
> Mar 5 04:02:49 symbol ipop2d[8687]: connect from 130.251.169.187
> Mar 5 04:02:50 symbol ipop2d[8688]: connect from 130.251.169.187
> Mar 5 04:02:51 symbol ipop2d[8689]: connect from 130.251.169.187
>
> Fortunately these are the only entries for 130.251.169.187. The domain seems
> to be for a university in Italy - Universita' degli Studi di Genova.
>
> -
> Jason Wong
>
>
>
> > -----Original Message-----
> > From: cobalt-users-admin@xxxxxxxxxxxxxxx
> > [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Erik O
> > Sent: 16 March 2000 03:57
> > To: cobalt-users@xxxxxxxxxxxxxxx; cw
> > Subject: Re: [cobalt-users] RaQ1: Hacker Login?
> >
> >
> > I don't have customers in Italy. Couldn't be.
> >
> > What has me concerned is that all my pop connections refer to [qpopper]
> > and I can't rest until I find out what this [ipop2d] is that's
> > allowing connections from .it
> >
> > Also, I've only had 2 connections to this service in the last month or
> > so.
> >
> > Any ideas?
> >
> > Erik
> >
> > > cwickham@xxxxxxxxxxxxxxxx wrote:
> > >
> > > That looks like pop connections. But why it is in /var/log/secure I
> > > don't know. From what I can tell that looks like nothing to worry
> > > about. Just one of your customers popping their mail..... unless you
> > > don't have any customers in Italy ;-)
> > >
> > > Charlie
> > >
> > > -----Original Message-----
> > > From: Erik O [mailto:erik@xxxxxxxxx]
> > > Sent: Wednesday, March 15, 2000 1:28 PM
> > > To: cobalt-users@xxxxxxxxxxxxx; Brian Curtis; Mat Kovach; Joe Kerns
> > > Subject: [cobalt-users] RaQ1: Hacker Login?
> > >
> > > I have a few strange logins recorded in /var/log/secure
> > >
> > > I can figure out what it is [ipop2d]. Here's the entry...
> > >
> > > Mar 13 18:55:37 ns ipop2d[21805]: connect from 207.253.51.131
> > > Mar 13 18:55:37 ns ipop2d[21806]: connect from 207.253.51.131
> > >
> > > It has accepted connections from two IP's since the log rotated.
> > >
> > > 207.253.51.131
> > > 130.251.169.187
> > >
> > > The last one resolves to ....
> > > Name: ciclamino.dibe.unige.it
> > >
> > > I just don't like the looks of this. I can't seem to find this service
> > > running anywhere.
> > >
> > > Help? :)
> > >
> > > Erik
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > To Subscribe or Unsubscribe, please go to:
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users
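
Added example, not part of the original thread: a small triage script for "connect from" records in the /var/log/secure format quoted above. It reports services outside an expected set and (service, source) pairs that open many connections in a short window. The sample lines are constructed, and the expected set {"qpopper"}, the 10-second window, the threshold of 5 and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the /var/log/secure format quoted in the thread
# (documentation-range addresses, not the ones from the posts).
SAMPLE = """\
Mar  5 04:02:47 symbol ipop2d[8674]: connect from 192.0.2.10
Mar  5 04:02:47 symbol ipop2d[8675]: connect from 192.0.2.10
Mar  5 04:02:47 symbol ipop2d[8676]: connect from 192.0.2.10
Mar  5 04:02:49 symbol ipop2d[8681]: connect from 192.0.2.10
Mar  5 04:02:49 symbol ipop2d[8682]: connect from 192.0.2.10
Mar 13 09:15:02 symbol qpopper[9120]: connect from 198.51.100.7
Mar 13 18:55:37 symbol ipop2d[21805]: connect from 198.51.100.7
Mar 13 18:55:37 symbol ipop2d[21806]: connect from 198.51.100.7
"""

LINE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ "
                  r"([\w.-]+)\[\d+\]: connect from (\S+)$")

def parse(text, year=2000):
    """Return [(timestamp, service, source)]; syslog omits the year (assumed)."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # skip anything that is not a "connect from" record
            mon, day, clock, service, src = m.groups()
            ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
            events.append((ts, service, src))
    return events

def review(events, expected=frozenset({"qpopper"}), burst=5,
           window=timedelta(seconds=10)):
    """Return (services not in `expected`, {(service, source): peak} for peaks >= burst)."""
    by_key = defaultdict(list)
    for ts, service, src in events:
        by_key[(service, src)].append(ts)
    unexpected = sorted({svc for svc, _ in by_key if svc not in expected})
    bursts = {}
    for key, stamps in by_key.items():
        stamps.sort()
        lo = peak = 0
        for hi, ts in enumerate(stamps):
            while ts - stamps[lo] > window:  # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= burst:
            bursts[key] = peak
    return unexpected, bursts

if __name__ == "__main__":
    print(review(parse(SAMPLE)))
```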