Date:      Tue, 9 Sep 1997 00:16:14 -0700
From:      Samara McCord <mccord@zytek.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Attacks on IMAP Daemon - Security Weakness?
Message-ID:  <199709090716.AAA27574@syzygy.zytek.com>

I've noticed a number of suspicious error messages since we installed
an IMAP server (running on port 143), and I'm wondering if these people
are trying to hack into imapd using a known weakness.  We have since
installed tcp_wrapper and have turned off all access to imapd outside
of our network, but I'm curious just the same.  Here are examples from
the logs:

-------
Sep  1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=cx52269-a.msnv1.occa.home.com
Sep  1 11:10:42 imapd[438]: EOF, while reading line user=??? host=mek-12.hut.fi
Sep  1 11:57:55 imapd[513]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep  1 11:57:55 imapd[513]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep  1 21:29:12 imapd[1445]: EOF, while reading line user=??? host=ruddock-99.caltech.edu
Sep  1 23:37:18 imapd[1553]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=ruddock-99.caltech.edu
Sep  6 21:36:11 imapd[16677]: EOF, while reading line user=??? host=u4arut.nsls.bnl.gov
Sep  7 01:22:55 imapd[16963]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=u4arut.nsls.bnl.gov
Sep  7 22:28:36 imapd[19329]: EOF, while reading line user=??? host=209.27.26.2
Sep  7 22:28:40 imapd[19330]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=209.27.26.2
Sep  7 22:30:31 imapd[19334]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep  7 22:30:31 imapd[19334]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep  8 12:40:33 imapd[21481]: EOF, while reading line user=??? host=thor.wordwrap.net
Sep  8 13:57:29 imapd[21731]: EOF, while reading line user=??? host=dns1.interwarp.net
Sep  8 16:50:06 imapd[22107]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=dns1.interwarp.net
Sep  8 16:59:08 imapd[22149]: EOF, while reading line user=??? host=wipd.com
Sep  8 17:37:20 imapd[22255]: EOF, while reading line user=??? host=lab09.galley.cc.ship.edu
-------
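The following triage script is an added example and is not part of the original message or of any FreeBSD or imapd code. It parses syslog lines of the shape quoted above, decodes the caret notation syslog uses for control bytes (^P is 0x10), and separates three things that the quoted log mixes together: connections that closed before any LOGIN was sent (user=???), ordinary failed logins, and "usernames" that are nothing but a long run of control bytes, which no mail client produces and which is the shape of a probe against the server's handling of oversized input. It does not identify which bug, if any, was being probed; it only makes the pattern countable per source host. The sample lines are constructed to mirror the quoted ones (the probe run is generated rather than typed out); the host workstation.example.org and user alice are invented for contrast, and PROBE_MIN_LEN is an assumed threshold.

```python
"""Per-host triage of imapd 'Login failure' / 'EOF, while reading line' syslog lines.

Added example; not code from the original post. Sample input is constructed.
"""
import re
from collections import defaultdict

# A long run of ^P (0x10) bytes, modelled on the user= field in the quoted lines.
PROBE = "^P" * 80

# Constructed sample log, shaped like the lines quoted in the message.
SAMPLE_LOG = "\n".join([
    "Sep  1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=cx52269-a.msnv1.occa.home.com",
    f"Sep  1 11:57:55 imapd[513]: Login failure user={PROBE} host=usr18-dialup3.mix2.Atlanta.mci.net",
    f"Sep  1 11:57:55 imapd[513]: EOF, while reading line user={PROBE} host=usr18-dialup3.mix2.Atlanta.mci.net",
    "Sep  7 22:28:36 imapd[19329]: EOF, while reading line user=??? host=209.27.26.2",
    f"Sep  7 22:28:40 imapd[19330]: Login failure user={PROBE} host=209.27.26.2",
    # Two invented lines: an ordinary mistyped password, for contrast.
    "Sep  8 10:00:00 imapd[30000]: Login failure user=alice host=workstation.example.org",
    "Sep  8 10:00:05 imapd[30000]: EOF, while reading line user=alice host=workstation.example.org",
])

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"imapd\[(?P<pid>\d+)\]: "
    r"(?P<event>Login failure|EOF, while reading line) "
    r"user=(?P<user>.*?) host=(?P<host>\S+)$"
)

# syslog writes control bytes in caret notation: ^@ is 0x00, ^P is 0x10, ^? is DEL.
CARET_RE = re.compile(r"\^([@-_?])")

# Assumed threshold: an all-control-byte "username" at least this long is a probe.
PROBE_MIN_LEN = 32


def decode_caret(s: str) -> str:
    """Turn ^X caret notation back into the raw control character."""
    return CARET_RE.sub(lambda m: chr(ord(m.group(1)) ^ 0x40), s)


def classify_user(raw_user: str) -> str:
    """Label the user= field of one log line."""
    if raw_user == "???":
        # No user name in the line: the peer closed the connection without sending LOGIN.
        return "no-login-attempted"
    user = decode_caret(raw_user)
    control = [c for c in user if ord(c) < 0x20 or ord(c) == 0x7F]
    if not control:
        return "plain-username"
    if len(control) == len(user) and len(user) >= PROBE_MIN_LEN:
        # A long name made only of control bytes is never a real login attempt;
        # one byte repeated over and over is the usual shape of a length probe.
        if len(set(user)) == 1:
            return "repeated-control-byte-probe"
        return "control-byte-probe"
    return "binary-in-username"


def parse_line(line: str):
    """Parse one syslog line into a dict, or return None if it is not an imapd line we know."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["user_class"] = classify_user(rec["user"])
    return rec


def triage(log_text: str):
    """Parse every line and count user classes per source host.

    Returns (records, per_host) where per_host maps host -> {class: count}.
    """
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    per_host = defaultdict(lambda: defaultdict(int))
    for r in records:
        per_host[r["host"]][r["user_class"]] += 1
    return records, {h: dict(c) for h, c in per_host.items()}


def probing_hosts(per_host) -> list:
    """Hosts that sent at least one control-byte probe, sorted for stable output."""
    return sorted(h for h, c in per_host.items() if any(k.endswith("probe") for k in c))


if __name__ == "__main__":
    recs, hosts = triage(SAMPLE_LOG)
    for h, counts in sorted(hosts.items()):
        print(f"{h:45s} {counts}")
    print("probing hosts:", probing_hosts(hosts))
```

Run against a real /var/log/messages, the per-host counts make it easy to see that the user=??? lines and the ^P lines come from the same hosts a few minutes apart (as in the quoted log), which is consistent with a scanner that first connects to read the banner and then sends the oversized login; a host that only ever produces plain-username failures is a user with a bad password, not a probe.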


