Date: Tue, 9 Sep 1997 00:16:14 -0700
From: Samara McCord <mccord@zytek.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Attacks on IMAP Daemon - Security Weakness?
Message-ID: <199709090716.AAA27574@syzygy.zytek.com>

I've noticed a number of suspicious error messages since we installed an IMAP server (running on port 143), and I'm wondering if these people are trying to hack into imapd using a known weakness. We have since installed tcp_wrapper and have turned off all access to imapd outside of our network, but I'm curious just the same.

Here are examples from the logs:

-------
Sep 1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=cx52269-a.msnv1.occa.home.com
Sep 1 11:10:42 imapd[438]: EOF, while reading line user=??? host=mek-12.hut.fi
Sep 1 11:57:55 imapd[513]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep 1 11:57:55 imapd[513]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep 1 21:29:12 imapd[1445]: EOF, while reading line user=??? host=ruddock-99.caltech.edu
Sep 1 23:37:18 imapd[1553]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=ruddock-99.caltech.edu
Sep 6 21:36:11 imapd[16677]: EOF, while reading line user=??? host=u4arut.nsls.bnl.gov
Sep 7 01:22:55 imapd[16963]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=u4arut.nsls.bnl.gov
Sep 7 22:28:36 imapd[19329]: EOF, while reading line user=??? host=209.27.26.2
Sep 7 22:28:40 imapd[19330]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=209.27.26.2
Sep 7 22:30:31 imapd[19334]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep 7 22:30:31 imapd[19334]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep 8 12:40:33 imapd[21481]: EOF, while reading line user=??? host=thor.wordwrap.net
Sep 8 13:57:29 imapd[21731]: EOF, while reading line user=??? host=dns1.interwarp.net
Sep 8 16:50:06 imapd[22107]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=dns1.interwarp.net
Sep 8 16:59:08 imapd[22149]: EOF, while reading line user=??? host=wipd.com
Sep 8 17:37:20 imapd[22255]: EOF, while reading line user=??? host=lab09.galley.cc.ship.edu
-------
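
Added example, not part of the original message: one way to pull entries like the "Login failure" lines above out of an imapd log and group them by source host, by flagging login names made up of control bytes in caret notation (^P). The sample lines and example.net hosts are constructed, and the `threshold` and `min_len` parameters are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the excerpt (hosts are placeholders).
SAMPLE_LOG = """\
Sep 1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=client1.example.net
Sep 1 11:57:55 imapd[513]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P host=client2.example.net
Sep 1 11:57:55 imapd[513]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P host=client2.example.net
Sep 2 09:14:02 imapd[700]: Login failure user=alice host=client3.example.net
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+imapd\[(?P<pid>\d+)\]:\s+"
    r"(?P<event>.+?)\s+user=(?P<user>.*?)\s+host=(?P<host>\S+)\s*$"
)
# In the excerpt a control byte appears as '^' plus a character (^P is 0x10).
CARET_RE = re.compile(r"\^[@A-Z\[\\\]^_?]")


def control_ratio(user):
    """Fraction of the logged user field made up of caret-escaped control bytes."""
    if not user:
        return 0.0
    escaped = sum(len(m.group()) for m in CARET_RE.finditer(user))
    return escaped / len(user)


def suspicious_hosts(log_text, threshold=0.5, min_len=8):
    """Map host -> [(timestamp, pid, event)] for entries whose login name looks binary."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an imapd user=/host= line
        user = m.group("user")
        # "???" (no login attempted) and ordinary names fall below both limits.
        if len(user) >= min_len and control_ratio(user) >= threshold:
            hits[m.group("host")].append(
                (m.group("ts"), int(m.group("pid")), m.group("event"))
            )
    return dict(hits)


if __name__ == "__main__":
    for host, events in suspicious_hosts(SAMPLE_LOG).items():
        print(host, len(events), events)
```

Entries with `user=???` are deliberately not flagged here; correlating them with a later flagged entry from the same host is a separate step.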