From owner-freebsd-questions Tue Sep 9 00:16:21 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA16303 for questions-outgoing; Tue, 9 Sep 1997 00:16:21 -0700 (PDT)
Received: from syzygy.zytek.com (syzygy.zytek.com [140.174.241.1]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id AAA16287 for ; Tue, 9 Sep 1997 00:16:18 -0700 (PDT)
Received: (from mccord@localhost) by syzygy.zytek.com (8.6.11/8.6.9) id AAA27574; Tue, 9 Sep 1997 00:16:14 -0700
Date: Tue, 9 Sep 1997 00:16:14 -0700
From: Samara McCord
Message-Id: <199709090716.AAA27574@syzygy.zytek.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Attacks on IMAP Daemon - Security Weakness?
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I've noticed a number of suspicious error messages since we installed an IMAP server (running on port 143), and I'm wondering if these people are trying to hack into imapd using a known weakness. We have since installed tcp_wrapper and have turned off all access to imapd outside of our network, but I'm curious just the same.

Here are examples from the logs:

-------
Sep 1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=cx52269-a.msnv1.occa.home.com
Sep 1 11:10:42 imapd[438]: EOF, while reading line user=??? host=mek-12.hut.fi
Sep 1 11:57:55 imapd[513]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep 1 11:57:55 imapd[513]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=usr18-dialup3.mix2.Atlanta.mci.net
Sep 1 21:29:12 imapd[1445]: EOF, while reading line user=??? host=ruddock-99.caltech.edu
Sep 1 23:37:18 imapd[1553]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=ruddock-99.caltech.edu
Sep 6 21:36:11 imapd[16677]: EOF, while reading line user=??? host=u4arut.nsls.bnl.gov
Sep 7 01:22:55 imapd[16963]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=u4arut.nsls.bnl.gov
Sep 7 22:28:36 imapd[19329]: EOF, while reading line user=??? host=209.27.26.2
Sep 7 22:28:40 imapd[19330]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=209.27.26.2
Sep 7 22:30:31 imapd[19334]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep 7 22:30:31 imapd[19334]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=1Cust32.max2.new-york.ny.ms.uu.net
Sep 8 12:40:33 imapd[21481]: EOF, while reading line user=??? host=thor.wordwrap.net
Sep 8 13:57:29 imapd[21731]: EOF, while reading line user=??? host=dns1.interwarp.net
Sep 8 16:50:06 imapd[22107]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=dns1.interwarp.net
Sep 8 16:59:08 imapd[22149]: EOF, while reading line user=??? host=wipd.com
Sep 8 17:37:20 imapd[22255]: EOF, while reading line user=??? host=lab09.galley.cc.ship.edu
-------
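The log excerpt above has two recognisable shapes: connections that hang up before any login (`EOF, while reading line user=???`), and `Login failure` entries whose "user name" is a long run of control characters that syslogd renders in caret notation (`^P`). The second shape is never produced by a real mail client and is what a defender would want an alert on. The script below is an added example, not part of the original post or of FreeBSD's imapd; it parses lines in the same format as the quoted log, tallies what each remote host did, and lists hosts that sent malformed login names. The sample lines, host names, PIDs and the 32-character `MAX_USER_LEN` cut-off are all constructed assumptions for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the same shape as the imapd syslog messages
# quoted in the post; the hosts, PIDs and timestamps are made up.
SAMPLE_LOG = """\
Sep 1 00:23:55 imapd[29019]: EOF, while reading line user=??? host=dialup-a.example.net
Sep 1 11:57:55 imapd[513]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=dialup-b.example.net
Sep 1 11:57:55 imapd[513]: EOF, while reading line user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=dialup-b.example.net
Sep 2 08:15:02 imapd[777]: Login failure user=alice host=desk12.corp.example.com
Sep 2 08:15:40 imapd[778]: Login user=alice host=desk12.corp.example.com
Sep 7 22:28:36 imapd[19329]: EOF, while reading line user=??? host=203.0.113.7
Sep 7 22:28:40 imapd[19330]: Login failure user=^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P host=203.0.113.7
"""

# One imapd syslog line: timestamp, "imapd[pid]:", a message, then user= and host=.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"imapd\[(?P<pid>\d+)\]: (?P<msg>.*?) user=(?P<user>.*) host=(?P<host>\S+)$"
)
# syslogd writes control characters in caret notation: ^@ .. ^_ for 0x00-0x1F, ^? for DEL.
CARET_RE = re.compile(r"\^[@-_?]")
MAX_USER_LEN = 32  # assumed sane upper bound for a real login name (example value)


def count_control_chars(user):
    """Count control characters in a logged user string, whether syslog
    rendered them in caret notation or passed them through as raw bytes."""
    n = len(CARET_RE.findall(user))
    n += sum(1 for ch in user if ord(ch) < 32 or ord(ch) == 127)
    return n


def parse_line(line):
    """Return the fields of one imapd syslog line as a dict, or None if the
    line is not in that format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Label a parsed entry. 'malformed' means the login name is not something
    a mail client would send: it contains control characters or is far longer
    than any real account name. The checks are ordered so that a malformed
    name wins over the generic failure/EOF labels."""
    user, msg = entry["user"], entry["msg"]
    if count_control_chars(user) > 0 or len(user) > MAX_USER_LEN:
        return "malformed"
    if msg.startswith("EOF") and user == "???":
        return "eof_no_login"  # peer connected and hung up without logging in
    if "failure" in msg.lower():
        return "failed_login"  # ordinary bad password on a plausible name
    return "ok"


def analyze(log_text):
    """Tally the category of every recognised line, keyed by remote host."""
    per_host = defaultdict(Counter)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            per_host[entry["host"]][classify(entry)] += 1
    return per_host


def suspicious_hosts(log_text):
    """Hosts that sent at least one malformed login name, sorted for stable output."""
    return sorted(host for host, counts in analyze(log_text).items() if counts["malformed"])


if __name__ == "__main__":
    for host, counts in sorted(analyze(SAMPLE_LOG).items()):
        print(f"{host:28s} {dict(counts)}")
    print("hosts sending malformed login names:", suspicious_hosts(SAMPLE_LOG))
```

Run it against a real `/var/log/messages` by feeding the file contents to `analyze` or `suspicious_hosts`. An `eof_no_login` entry on its own is a weak signal (port scanners and some clients open and drop the connection), so it is only counted, not flagged; a login name made of control characters is the strong signal, and the per-host tally shows whether a single source produced both. Restricting the service with tcp_wrappers, as the poster did, limits who can reach imapd at all, and the tally then doubles as a check that the wrapper rules are actually in effect.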