From owner-freebsd-questions Tue Jul 28 18:03:49 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA01339 for freebsd-questions-outgoing; Tue, 28 Jul 1998 18:03:49 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from red.kd0yu.com (root@dial06-dav2.qcaccess.net [205.199.206.46]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA01200 for ; Tue, 28 Jul 1998 18:03:17 -0700 (PDT) (envelope-from dave@red.kd0yu.com) Received: from rwc (rwcnt.kd0yu.com [205.199.206.226]) by red.kd0yu.com (8.8.5/8.8.5) with SMTP id TAA10736 for ; Tue, 28 Jul 1998 19:12:24 -0500 Message-Id: <199807290012.TAA10736@red.kd0yu.com> Comments: Authenticated sender is From: "Dave Helton" Organization: Circumspect Corporation To: questions@FreeBSD.ORG Date: Tue, 28 Jul 1998 20:02:16 -0600 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: version 2.1.0 and a hacker I can't keep out Reply-to: dave@kd0yu.com X-mailer: Pegasus Mail for Windows (v2.42a) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Dear Sirs, Frustration is running high! I am using ver 2.1.0-RELEASE. Have ordered the latest (v2.6.6-RELEASE) from cdrom.com So... before it's installed I would still like to know how the hell he's doing it. I get the following: Jul 28 14:03:33 home popper[1027]: -ERR Unknown command: "^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P ^P^P^P^P^P ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P Jul 28 14:03:49 home popper[1028]: (v2.1.4-R3) Servicing request from "usimsptc2 -146.usinternet.com" at 208.160.34.146 As you can see... I know where he's coming from. I find that he hammers away on port 110 with these control-p's till the popper exits. Afterwards the log files show missing hours of time and my system is trashed. I am sure part of the answer will be that ver 2.2.6 will fix it with the firewall and all... but I would still like an answer from some one with a handle on just what I am looking at. I have been plagued with this guy now for a week and have been loosing sleep over it. I would appreciate some inside information on how this is done and how to prevent it. Pleeding, Dave Helton ####################################################### Dave Helton System Admin QCACCESS.NET Circumspect Corporation dave@qcaccess.net 902 East River Drive Davenport, IA 52803 Business: 319-323-6313 Fax: 319-323-3415 QCAccess.net Home Page http://www.qcaccess.net ####################################################### To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message