Date: Fri, 4 Jun 1999 13:30:47 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Marco Masotti <masotti@tiscalinet.it> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Popper unknown command (FreeBSD 2.1.6) Message-ID: <Pine.BSF.4.03.9906041329250.1345-100000@resnet.uoregon.edu> In-Reply-To: <37569A8B.E3A735BD@tiscalinet.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Jun 1999, Marco Masotti wrote: > > Hello. > I'm reviewing the log files accumulated on a bastion host > (FreeBSD 2.1.6-stable) and I've seen several messages in this pattern: > I think is the attempt of exploiting a breach in the popper program, but > I cannot realize which kind of attempt is that and whether it succeded > or not. > > Thanks for any hint! > > -Marco > > > Apr 28 19:46:12 lafaiette popper[1106]: @ip168.pool-310.flashnet.it: > -ERR Unknown command: > ^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P^P Someone is attempting to exploit a known bug in popper. You should upgrade popper immediately and check for any breakins. Based on the reaction of popper, you have probably been comprimised. Doug White Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9906041329250.1345-100000>