This doesn't mean that they were logged in locally, it shows you that
someone on 24.7.234.239 tried to connect to the IMAP service. Manual
telnets or using a mail client will make this message appear (it could
also be some sort of scanning tool looking for exploitable IMAP
servers). This message is completely benign but you should probably
comment out the IMAP service entry from /etc/inetd.conf and then restart
inetd.conf. (Comment it out by searching for the imap line and putting a
# in front of it then saving the file. Restart inetd by issuing a
'killall -HUP inetd' command as root.)
-Robert Gash
If you're on a cablemodem, I would look into using the "portsentry" and
"snort" programs on your server machine. I am constantly catching
would-be attackers and people portscanning my machine and blocking them
before they can do any damage. It's also nice to have full logs to report
them to the proper authorities should the activity become harmful.
Snort Homepage (uses PROMISC mode to detect attack signatures on the
wire): http://apps.freshmeat.net/homepage/924538912/
Portsentry (listens and detects portscans, can then add a hosts.deny rule
as well as an ipchains or route command to totally block the host):
http://apps.freshmeat.net/homepage/898904215/
-Robert
On Tue, 18 Jan 2000, Brian J. Dowd wrote:
> My log file reads the following two lines:
> Jan 17 20:28:32 [hostname] imapd[PID]: connect from 24.7.234.239
> Jan 17 20:28:32 [hostname] imapd[PID]: error: cannot execute
> /usr/sbin/imapd: No such file or directory
> Would this have happened if someone pinged port 143 on my server or
> would they have to be logged into my machine to issue this command?
> I don't run any imap services on this machine but I previously have
> connected to and downloaded the U. of Wash. imap server source code. I
> never compiled it, however.
> -Brian
>
> --
> To unsubscribe: mail majordomo@ale.org with "unsubscribe ale" in message body.
>
--
.----------------- PGP Key: `finger gashalot@gashalot.com` -----------------.
| Robert Gash | Work - gashalot@fasturl.net |
| Senior Systems Administrator | Personal - gashalot@gashalot.com |
| VenerNet Inc -- www.fasturl.net | http://www.gashalot.com |
`---- PGP Key Fprint: E6F3 CACA 9245 786B 7734 2853 D2C7 31D7 80FE 3B51 ----'
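
The inetd.conf change described in the reply above, as an added shell example that is not part of the original post. The function names are hypothetical, and the sample file is constructed and assumes the entry's first field is `imap`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the service name of every active (uncommented) inetd.conf entry,
# so you can see what else inetd is still offering.
active_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "${1:-/etc/inetd.conf}"
}

# Comment out every active entry for service $1 in file $2
# (default /etc/inetd.conf), keeping a .bak copy beside it.
# Returns 0 if the file was changed, 1 if no active entry exists, 2 on error.
disable_inetd_service() {
    svc=$1
    conf=${2:-/etc/inetd.conf}
    [ -n "$svc" ] && [ -f "$conf" ] || return 2
    awk -v s="$svc" '$1 == s && NF >= 6 { hit = 1 } END { exit !hit }' "$conf" || return 1
    cp -p "$conf" "$conf.bak" || return 2
    awk -v s="$svc" '$1 == s && NF >= 6 { print "#" $0; next } { print }' \
        "$conf.bak" > "$conf" || return 2
}

# Constructed sample file for trying the functions without touching /etc.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the poster's machine
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
#pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
EOF
}

# On a live system, as root:
#   disable_inetd_service imap && killall -HUP inetd
```

The exit status distinguishes "already disabled" (1) from a changed file (0), so inetd is only signalled when the configuration actually changed.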