From owner-freebsd-security Tue Apr 6 21:40:58 1999 Delivered-To: freebsd-security@freebsd.org Received: from tasam.com (tasam.com [209.219.168.22]) by hub.freebsd.org (Postfix) with ESMTP id 2D38F151ED for ; Tue, 6 Apr 1999 21:40:55 -0700 (PDT) (envelope-from clash@tasam.com) Received: from bug (bug.tasam.com [206.161.113.114]) by tasam.com (8.9.3/8.9.1) with SMTP id AAA18095; Wed, 7 Apr 1999 00:38:42 -0400 (EDT) Message-ID: <021101be80b0$89523c60$7271a1ce@bug.tasam.com> From: "Joe Gleason" To: "Paul MacKenzie" , "Andrew McNaughton" Cc: Subject: Re: Should I be worried, Date: Wed, 7 Apr 1999 00:36:42 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It is, my automated scripts that make sure TCP is still answering on ports such as 110 fill my logs with messages like: Apr 4 20:00:14 shell1 popper[1723]: @xxx.xxxxxx.com: -ERR POP EOF received Joe Gleason Tasam > >You've obviously been probed. The POP EOF message likely resulted from the >connection being dropped without a QUIT command. You might care enough to >verify whether this is how popper reports such a situation. > >grepping the popper source for that error message is probably the fastest way >to get an idea of what causes such an error message. > >Andrew McNaughton > > > > > >> Quick message to allay a few fears. The other day I found this in the logs... >> >> Apr 3 06:43:44 server popper[20031]: @m-burg-01.rewiss.fu-berlin.de: -ERR >> POP EOF received >> Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 >> xxx.xxx.xxx.xxx:23 in via ed0 >> Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 >> xxx.xxx.xxx.xxx:23 out via ed1 >> >> (the xxx.xxx.xxx.xxx address being the same above in both cases) >> >> This person was obviously an outsider because I have no clients in this >> part of the world. Any thoughts on why Qpopper send this back assuming they >> have no access to any e-mail addresses? >> >> As well the above error was shown a number of times for different addresses >> (as though a scanner was run on a certain subnet mask). >> >> Should I be concerned? >> >> Thanks for any insight and discussion this opens up, >> >> Sincerely >> >> Paul >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> > >-- >----------- >Andrew McNaughton >andrew@squiz.co.nz >http://www.newsroom.co.nz/ > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message