From owner-freebsd-security Tue Apr 6 21:28:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from aniwa.sky (p33-max12.wlg.ihug.co.nz [216.100.145.33]) by hub.freebsd.org (Postfix) with ESMTP id BD0BF151ED for ; Tue, 6 Apr 1999 21:28:04 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from aniwa.sky (localhost [127.0.0.1]) by aniwa.sky (8.9.1a/8.9.1) with ESMTP id QAA03277; Wed, 7 Apr 1999 16:25:50 +1200 (NZST) Message-Id: <199904070425.QAA03277@aniwa.sky> X-Mailer: exmh version 2.0.2 2/24/98 To: Paul MacKenzie Cc: freebsd-security@FreeBSD.ORG Subject: Re: Should I be worried, In-reply-to: Your message of "Tue, 06 Apr 1999 20:07:42 -0400." <4.1.19990406200132.00992430@mail.elehost.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Apr 1999 16:25:49 +1200 From: Andrew McNaughton Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You've obviously been probed. The POP EOF message likely resulted from the connection being dropped without a QUIT command. You might care enough to verify whether this is how popper reports such a situation. grepping the popper source for that error message is probably the fastest way to get an idea of what causes such an error message. Andrew McNaughton > Quick message to allay a few fears. The other day I found this in the logs... > > Apr 3 06:43:44 server popper[20031]: @m-burg-01.rewiss.fu-berlin.de: -ERR > POP EOF received > Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 > xxx.xxx.xxx.xxx:23 in via ed0 > Apr 3 06:43:45 server /kernel: ipfw: 13610 Accept TCP 160.45.166.130:22904 > xxx.xxx.xxx.xxx:23 out via ed1 > > (the xxx.xxx.xxx.xxx address being the same above in both cases) > > This person was obviously an outsider because I have no clients in this > part of the world. Any thoughts on why Qpopper send this back assuming they > have no access to any e-mail addresses? > > As well the above error was shown a number of times for different addresses > (as though a scanner was run on a certain subnet mask). > > Should I be concerned? > > Thanks for any insight and discussion this opens up, > > Sincerely > > Paul > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- ----------- Andrew McNaughton andrew@squiz.co.nz http://www.newsroom.co.nz/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message