Security Incidents mailing list archives
POP3 (110) Port Scans, New Exploit?
From: cjc () SCITEC COM (Crist J. Clark)
Date: Mon, 29 May 2000 16:29:58 -0400
Over the weekend, we had our address space scanned for POP3 services (port 110). The hosts involved were, 206.176.81.2 206.182.235.227 207.233.243.234 (host.domain.com) I have attempted to notify resposbible parties for each. We do have a POP server, and it did record what looks like a dropped login attempt, May 28 04:14:50 newmail ipop3d[17145]: Command stream end of file while reading line user=??? host=[206.182.235.227] But to the best of my estimates, there were no problems. Nothing in the logs, and my Tripwire on the box did not go off. Any ideas why a sudden interest in POP3? I have not heard of any new "remote" exploits recently (although expoits where a valid user can get a shell have been demonstrated for some POPs and IMAPs recently). -- Crist J. Clark cjc () scitec com SciTec, Inc (609)921-3892 x252
Current thread:
- POP3 (110) Port Scans, New Exploit? Crist J. Clark (May 29)
- linuxconf scans from KR Infrastructure Dept. (Jun 01)
- Re: POP3 (110) Port Scans, New Exploit? Chip Mefford (Jun 01)