
Lightning fast attacks?



RH4.2 Linux Intel

Last night I got three of these log messages: Two in a row, one a bit later.

May  8 00:35:15 osg-gw imapd[4307]: warning: can't get client address: Connection reset by peer
May  8 00:35:15 osg-gw imapd[4307]: refused connect from unknown

Now, I have imapd blocked to non-local users using tcpd wrappers, so
tcpd is trying to find the address of the remote machine (all my wrappers
are specified using IP addresses rather than domain names).

I assume that some call (getpeername?) is failing on the connect, so it
rejects the connection.

My question: is the attacker learning anything? Are they able to "time" their
connection requests so they know if you are trying to track them?

eric

-- 
-
Eric Wampner          Orlando Software Group, Inc.      eww kataent com
Software Engineer           (407) 366-0909       wampner e w orlsoftgrp com
Systems Administrator     fax (407) 366-2721              eww iag net
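
A log-correlation sketch for the two messages quoted in the post, added here as an example and not part of the original message: it pairs each tcpd "can't get client address" warning with the "refused connect from unknown" line from the same process, then groups the pairs into bursts. The sample lines other than the first two, the placeholder year, and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted in the post. Only the first
# two lines come from the post; the rest (PIDs, times, 192.0.2.7) are made up.
SAMPLE = """\
May  8 00:35:15 osg-gw imapd[4307]: warning: can't get client address: Connection reset by peer
May  8 00:35:15 osg-gw imapd[4307]: refused connect from unknown
May  8 00:35:16 osg-gw imapd[4309]: warning: can't get client address: Connection reset by peer
May  8 00:35:16 osg-gw imapd[4309]: refused connect from unknown
May  8 00:52:40 osg-gw imapd[4388]: warning: can't get client address: Connection reset by peer
May  8 00:52:40 osg-gw imapd[4388]: refused connect from unknown
May  8 01:10:02 osg-gw imapd[4401]: refused connect from 192.0.2.7
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\w+)\[(\d+)\]: (.*)$")

def parse(text, year=2000):
    """Yield (timestamp, host, daemon, pid, message); syslog omits the year,
    so `year` is an arbitrary placeholder supplied by the caller."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4)), m.group(5)

def unresolved_refusals(text):
    """Refusals logged as 'unknown' by a process that had just warned that it
    could not get the client address (connection gone before the lookup)."""
    warned, hits = set(), []
    for ts, host, daemon, pid, msg in parse(text):
        key = (host, daemon, pid)
        if msg.startswith("warning: can't get client address"):
            warned.add(key)
        elif msg == "refused connect from unknown" and key in warned:
            warned.discard(key)  # PIDs get reused; pair each warning once
            hits.append((ts, daemon, pid))
    return hits

def bursts(hits, window=timedelta(seconds=5)):
    """Group hits whose gap to the previous hit is at most `window`."""
    groups = []
    for hit in sorted(hits):
        if groups and hit[0] - groups[-1][-1][0] <= window:
            groups[-1].append(hit)
        else:
            groups.append([hit])
    return groups

if __name__ == "__main__":
    for group in bursts(unresolved_refusals(SAMPLE)):
        print(group[0][0], group[0][1], f"{len(group)} refused connection(s) with no peer address")
```
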


