Date: Wed, 07 Apr 1999 16:25:49 +1200 From: Andrew McNaughton <andrew@squiz.co.nz> To: Paul MacKenzie <pc.mackenzie@utoronto.ca> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Should I be worried, Message-ID: <199904070425.QAA03277@aniwa.sky> In-Reply-To: Your message of "Tue, 06 Apr 1999 20:07:42 -0400." <4.1.19990406200132.00992430@mail.elehost.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You've obviously been probed. The POP EOF message likely resulted from the connection being dropped without a QUIT command. You might care enough to verify whether this is how popper reports such a situation. grepping the popper source for that error message is probably the fastest way to get an idea of what causes such an error message. Andrew McNaughton > Quick message to allay a few fears. The other day I found this in the logs... > > Apr 3 06:43:44 server popper[20031]: @m-burg-01.rewiss.fu-berlin.de: -ERR > POP EOF received > Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 > xxx.xxx.xxx.xxx:23 in via ed0 > Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 > xxx.xxx.xxx.xxx:23 out via ed1 > > (the xxx.xxx.xxx.xxx address being the same above in both cases) > > This person was obviously an outsider because I have no clients in this > part of the world. Any thoughts on why Qpopper send this back assuming they > have no access to any e-mail addresses? > > As well the above error was shown a number of times for different addresses > (as though a scanner was run on a certain subnet mask). > > Should I be concerned? > > Thanks for any insight and discussion this opens up, > > Sincerely > > Paul > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- ----------- Andrew McNaughton andrew@squiz.co.nz http://www.newsroom.co.nz/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904070425.QAA03277>