From owner-freebsd-questions Sun Aug 1 18:50:38 1999 Delivered-To: freebsd-questions@freebsd.org Received: from uz.ComCAT.COM (uz.ComCAT.COM [204.170.64.8]) by hub.freebsd.org (Postfix) with ESMTP id 1553C14C40 for ; Sun, 1 Aug 1999 18:50:32 -0700 (PDT) (envelope-from jerryr@ComCAT.COM) Received: from uw.ComCAT.COM (uw [204.170.64.249]) by uz.ComCAT.COM (8.8.8/8.8.8/sol2/mh/19980701) with ESMTP; id VAA28521; Sun, 1 Aug 1999 21:48:14 -0400 (EDT) Received: from localhost by uw.ComCAT.COM (8.9.1a/8.9.1/sol2/clnt/19981012) with ESMTP id VAA19095 for ; Sun, 1 Aug 1999 21:48:10 -0400 (EDT) X-Authentication-Warning: uw.ComCAT.COM: jerryr owned process doing -bs Date: Sun, 1 Aug 1999 21:48:09 -0400 (EDT) From: Jerry Raynor X-Sender: jerryr@uw To: freebsd-questions@FreeBSD.ORG Subject: Getting Hacked threough POPPER Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm using Sendmail 8.9 and FreeBSD 2.2.5-R (yes I know I have to upgrade, I'm working on it). I keep getting attacked through Popper and shortly after I see such an attack they login with a username on my system. How are they doing this and how can I stop it!?! I've obviously added these domain to deny them from my firewall. Is there a way to prevent connection through popper? Thanks! Jerry Here's a clip of the message log: <-- Log Clip Aug 1 19:30:42 domain popper[18383]: @ts004d26.trn-cn.concentric.net: -ERR $ ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^$ P^P^P^P^P^P^P^P Aug 1 20:29:43 domain popper[18634]: @mandd.nnmemphis.net: -ERR Unknown com$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P Aug 1 20:30:05 domain popper[18642]: @mandd.nnmemphis.net: -ERR Unknown com$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P Aug 1 20:33:52 domain popper[18650]: @mandd.nnmemphis.net: -ERR Unknown com$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^$ P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P$ ^P^P^P^P^P^P^P <-- End Clip To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message