Date:      Wed, 21 Apr 1999 01:35:07 -0500 (EST)
From:      Alfred Perlstein <bright@rush.net>
To:        kelvin Liu <kelvin@taipingcarpets.com>
Cc:        questions@freebsd.org
Subject:   Re: popper error
Message-ID:  <Pine.BSF.3.96.990421012944.11384g-100000@cygnus.rush.net>
In-Reply-To: <371D45BA.B39143E3@taipingcarpets.com>

On Wed, 21 Apr 1999, kelvin Liu wrote:

> Dear Alfred,
> 
> When I read my FreeBSD server log file "messages", I see some errors that
> I don't know how to fix. Could you help me? The message is
> 
> popper [9064] : @[203.101.3.38] -Err too many argurments for the user
> command
> popper [9064] : @[203.101.3.38] -Err Eof received
>  :
>  :
> popper [9041] :@[203.90.229.143] : -Err too few argurments for the auth
> command.
> popper [9041] :karensun@[203.90.229.143] -Err Unknow command "xsender"

Two things may be happening:

1) Several months ago there was an exploit for the program
"popper" that allowed remote people to exploit a buffer overrun,
allowing them to gain root access to your machine.

2) You have a user that is experimenting with accessing your
pop3 server by hand. You can test this out yourself by
typing "telnet localhost pop3"; this will connect you to
your own pop3 port, where you can try to converse with the server.

What I suggest doing is seeing if you have a user on your system
called "karensun" perhaps, or tracking down the IP address 203.90.229.143
and speaking to the user that is connecting to your machines and causing
this error.

They may just be inquisitive, or they may be trying to exploit your machines.

I lean towards suspecting '2' because this doesn't look like the typical
pattern that would show up if you were under attack.

Lastly, I'm not all that familiar with the pop3 protocol; perhaps they
have a non-standard client that is misbehaving.

In any case it's worth investigating.

-Alfred


> 
> 
> Thanks
> 
> Regards,
> Kelvin
> 

-Alfred 
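
An added example, not part of the original message: one way to triage log lines like those quoted above, grouping popper errors by client address so the hosts and account names worth following up stand out. The line layout in the regex is an assumption fitted to the four quoted entries (re-joined where the mail wrapped them); the function and category names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The four log entries quoted in the message, re-joined where the mail wrapped them.
SAMPLE = '''\
popper [9064] : @[203.101.3.38] -Err too many argurments for the user command
popper [9064] : @[203.101.3.38] -Err Eof received
popper [9041] :@[203.90.229.143] : -Err too few argurments for the auth command.
popper [9041] :karensun@[203.90.229.143] -Err Unknow command "xsender"
'''

# Assumed layout: popper [pid] : user@[ip] [:] -Err text
# Spacing and the extra colon are optional because the quoted lines vary.
LINE_RE = re.compile(
    r'popper\s*\[(?P<pid>\d+)\]\s*:\s*(?P<user>[^@\s]*)@\[(?P<ip>[0-9.]+)\]'
    r'\s*:?\s*-Err\s+(?P<msg>.+)', re.IGNORECASE)

def classify(msg):
    """Map a popper error text to a coarse category."""
    m = msg.lower()
    if 'too many' in m or 'too few' in m:
        return 'bad-argument-count'
    if m.startswith('unknow'):          # matches the log's own spelling too
        return 'unknown-command'
    if 'eof' in m:
        return 'eof'
    return 'other'

def summarize(text):
    """Group popper errors by client IP: user names seen, PIDs, error counts."""
    acc = defaultdict(lambda: {'users': set(), 'pids': set(), 'kinds': Counter()})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                    # not a popper error line
        entry = acc[m['ip']]
        if m['user']:                   # empty when no user name was logged
            entry['users'].add(m['user'])
        entry['pids'].add(m['pid'])
        entry['kinds'][classify(m['msg'])] += 1
    return {ip: {'users': sorted(e['users']), 'pids': sorted(e['pids']),
                 'kinds': dict(e['kinds'])} for ip, e in acc.items()}

if __name__ == '__main__':
    for ip, e in summarize(SAMPLE).items():
        print(ip, 'users:', e['users'] or '-', 'errors:', e['kinds'])
```

Feed it the contents of the "messages" file in place of SAMPLE; any user name it reports can then be checked against the local account list.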
