
[cobalt-users] More Lame Server Thoughts & Help with Log "Security Violation" Message



Hello all.

Regarding your thread earlier with Carrie about Lame Servers, and my guess
that they might be related to hacking attempts, I submit the following for
comments. I received 2 lame server messages, each apparently re a different
IP, 3 seconds before a port scan on my machine from that same IP.... See
below log messages:

Jan 31 16:53:57 www named[746]: Lame server on '132.48.58.211.in-addr.arpa'
(in '58.211.in-addr.arpa'?): [147.47.1.1].53 'ns.kren.nm.kr'
Jan 31 16:53:57 www named[746]: Lame server on '132.48.58.211.in-addr.arpa'
(in '58.211.in-addr.arpa'?): [134.75.30.1].53 'ns.kreonet.re.kr'
Jan 31 16:54:00 www portsentry[1386]: attackalert: SYN/Normal scan from
host: 211.58.48.132/211.58.48.132 to TCP port: 111

ALSO, I need help to see if anyone knows what this means, in English.... I
regularly (every 15 min) get the following in my log, which is obviously
related to active monitor checking my sendmail:

Jan 31 16:30:03 www sendmail[13756]: NOQUEUE: localhost [127.0.0.1] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA

HOWEVER, today I received the following in my log (first time I have seen it
where it is not from the loopback IP). Oddly enough it happens to be from a
network in the same business as my clients (actually one part of their
organization sorta "competes" with me). Anybody know why/how this came
about? There were no login errors or anything like that. FYI - it is
entirely possible that they were sending mail to a client - they probably do
this fairly often, but nobody else causes this error.

Jan 31 16:33:36 www sendmail[13899]: NOQUEUE: [208.139.215.51] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA

Comments and thoughts are greatly appreciated.
Rick Ewart
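
An added example, not part of the original post: one way to check the pattern described above across a whole syslog file is to turn each in-addr.arpa name in a named "Lame server" line back into the address it refers to and flag portsentry alerts from that same address shortly afterwards. The function names, the 30-second window and the default year are assumptions; the sample lines are the ones quoted in the post, with the mail client's wrapping undone.

```python
import re
from datetime import datetime, timedelta

# Log lines from the post, unwrapped to one syslog record per line.
SAMPLE_LOG = """\
Jan 31 16:53:57 www named[746]: Lame server on '132.48.58.211.in-addr.arpa' (in '58.211.in-addr.arpa'?): [147.47.1.1].53 'ns.kren.nm.kr'
Jan 31 16:53:57 www named[746]: Lame server on '132.48.58.211.in-addr.arpa' (in '58.211.in-addr.arpa'?): [134.75.30.1].53 'ns.kreonet.re.kr'
Jan 31 16:54:00 www portsentry[1386]: attackalert: SYN/Normal scan from host: 211.58.48.132/211.58.48.132 to TCP port: 111
"""

TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)"
LAME = re.compile(TS + r" \S+ named\[\d+\]: Lame server on '(?P<ptr>[\d.]+)\.in-addr\.arpa'")
SCAN = re.compile(TS + r" \S+ portsentry\[\d+\]: attackalert: .*? from host: "
                  r"(?P<ip>[\d.]+)/\S+ to (?P<proto>TCP|UDP) port: (?P<port>\d+)")

def parse_ts(text, year=2000):
    # Syslog timestamps carry no year; the default here is an arbitrary assumption.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def ptr_to_ip(ptr):
    # '132.48.58.211' (in-addr.arpa label order) -> '211.58.48.132'.
    # Names with fewer than four octets are zones, not hosts, and are skipped.
    octets = ptr.split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None

def correlate(log_text, window=timedelta(seconds=30)):
    """Return scans preceded, within `window`, by a lame-server message about the scanner."""
    lookups, hits = {}, []  # lookups: ip -> time of the most recent lame-server line
    for line in log_text.splitlines():
        if m := LAME.match(line):
            ip = ptr_to_ip(m["ptr"])
            if ip:
                lookups[ip] = parse_ts(m["ts"])
        elif m := SCAN.match(line):
            when, seen = parse_ts(m["ts"]), lookups.get(m["ip"])
            if seen is not None and timedelta(0) <= when - seen <= window:
                hits.append({"ip": m["ip"], "proto": m["proto"], "port": int(m["port"]),
                             "delay_s": int((when - seen).total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```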