Security Incidents mailing list archives
Maillog Suspicious
From: flirtingboy20 () YAHOO COM (flirtingboy20)
Date: Wed, 12 Jan 2000 00:03:45 +0200
Hi all, I am a bit new to Linux Administrator, and are trying my best to make my box very secure. So I've looked at my log files in /var/log and found something very strange. Here is the log: Dec 26 01:47:29 MOD2000 sendmail[1054]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Dec 26 01:47:51 MOD2000 sendmail[1062]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Dec 26 01:47:52 MOD2000 sendmail[1057]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Dec 26 01:47:55 MOD2000 sendmail[1067]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Dec 26 01:48:00 MOD2000 sendmail[1069]: NOQUEUE: "debug" command from pa149.zgora.ppp.tpnet.pl [212.160.14.149] (212.160.14.149) Dec 26 01:48:00 MOD2000 sendmail[1069]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Dec 26 01:48:01 MOD2000 sendmail[1071]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn root Dec 26 01:48:02 MOD2000 sendmail[1072]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn news Dec 26 01:48:02 MOD2000 sendmail[1074]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn postmaster Dec 26 01:48:03 MOD2000 sendmail[1075]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn majordomo Dec 26 01:48:04 MOD2000 sendmail[1076]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn decode Dec 26 01:48:05 MOD2000 sendmail[1077]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn root Dec 26 01:48:05 MOD2000 sendmail[1070]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: EXPN attack? Dec 26 01:48:06 MOD2000 sendmail[1078]: NOQUEUE: pa149.zgora.ppp.tpnet.pl [212.160.14.149]: expn admin Dec 26 01:50:27 MOD2000 sendmail[1086]: NOQUEUE: Null connection from pa149.zgora.ppp.tpnet.pl [212.160.14.149] Can anyone tell me exactly what this all mean? O yeah and another thing, which files to I check to look for port probing? Many Thanks Adriaan
Current thread:
- Re: Log tools?, (continued)
- Re: Log tools? Richard Trott (Jan 17)
- Re: Log tools? Pauline van Winsen (Jan 18)
- AMD/Port 100099 and portmap Daniel K. Boyd (Jan 18)
- Re: AMD/Port 100099 and portmap CyberPsychotic (Jan 18)
- Large quantity of traffic from amazon.com - source_port 3000 Peter Bates (Jan 13)
- Re: Port 4 Lutz Pressler (Jan 12)
- Re: Port 4 Vanja Hrustic (Jan 13)
- New vulnerability (fwd) Alfred Huger (Jan 13)
- An Embryonic Counterintelligence Tool Stephen P. Berry (Jan 14)
- Re: An Embryonic Counterintelligence Tool Vanja Hrustic (Jan 18)
- Maillog Suspicious flirtingboy20 (Jan 11)
- Re: Maillog Suspicious David A. Bandel (Jan 11)
- Re: Maillog Suspicious James Phillips (Jan 11)
- Re: Maillog Suspicious Yiorgos Adamopoulos (Jan 11)
- strange entrys in /var/log/messages Ben Russell (Jan 11)
- Re: strange entrys in /var/log/messages Christopher Wilson (Jan 12)
- Re: strange entrys in /var/log/messages Robert Graham (Jan 12)
- Re: Maillog Suspicious Jose Nazario (Jan 11)
- Re: Maillog Suspicious Larry W. Cashdollar (Jan 11)
- Attempted port scans. Steve (Jan 11)
- Re: Maillog Suspicious Khetan Gajjar (Jan 11)