Date: Tue, 15 Jun 1999 11:42:59 -0500 (EST)
From: Matthew Joseff
To: David G Andersen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: /var/log/messages
In-Reply-To: <199906151455.IAA19354@lal.cs.utah.edu>

On Tue, 15 Jun 1999, David G Andersen wrote:

}Since nobody has pointed it out yet, just FYI, this is typically an
}indication that you're being portscanned by the host 193.221.47.155.
}You might also want to check for telnet connections, NOQUEUE messages from
}sendmail, etc., to get a better idea of what they scanned.
}Then, contact postmaster@molnycke.se about it (or, if that fails, they
}list their domain contact as hostmaster@sgn.sca.se).

Thanks, I've disabled telnet, rsh, and rlogin, and installed tcp_wrappers
(via /usr/ports . . . ). No "NOQUEUE"s in /var/log/maillog . . .

Thanks for the help.

--
Matthew Joseff, Sr. Web Developer
RCN Corp.
703-321-2410
www.rcn.com
NASDAQ: RCNC
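The log check suggested in the quoted advice (telnet connections plus sendmail NOQUEUE entries from one host) can be automated. The following is an added example, not part of the original thread: the log lines are constructed, the tcpd "connect from" and sendmail "NOQUEUE: Null connection" line formats are assumed, and the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the original thread). The tcpd
# "connect from" and sendmail "NOQUEUE: Null connection" formats are assumed.
SAMPLE = """\
Jun 15 08:41:02 host telnetd[411]: refused connect from 192.0.2.55
Jun 15 08:41:02 host rshd[412]: refused connect from 192.0.2.55
Jun 15 08:41:03 host sendmail[413]: NOQUEUE: Null connection from [192.0.2.55]
Jun 15 08:41:03 host ftpd[414]: connect from 192.0.2.55
Jun 15 09:10:40 host telnetd[500]: connect from 198.51.100.7
Jun 15 11:30:12 host sendmail[620]: NOQUEUE: Null connection from [198.51.100.7]
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+([\w./-]+?)(?:\[\d+\])?:\s+(.*)$")
ADDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse(lines, year=1999):
    """Yield (timestamp, daemon, source_ip) for lines that name a peer address."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        addr = ADDR.search(m.group(3))
        if addr:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), addr.group(1)

def likely_scanners(lines, window=10, min_services=3):
    """Return {ip: sorted daemons} for peers that touched at least
    min_services distinct daemons within any window-second span."""
    events = defaultdict(list)
    for ts, daemon, ip in parse(lines):
        events[ip].append((ts, daemon))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            seen = {d for t, d in evs[i:] if (t - start).total_seconds() <= window}
            if len(seen) >= min_services:
                hits[ip] = sorted(seen)
                break
    return hits

if __name__ == "__main__":
    for ip, daemons in likely_scanners(SAMPLE).items():
        print(ip, "->", ", ".join(daemons))
```

On a real system, feed it the concatenated lines of /var/log/messages and /var/log/maillog so that connections to different daemons from the same peer are correlated.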