[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: crack/imap
- From: Jeff Smelser <tradergt bigfoot com>
- To: redhat-list redhat com
- Subject: Re: crack/imap
- Date: Fri, 30 Apr 1999 22:12:03 +0000
Steve Borho wrote:
>
> On Fri, Apr 30, 1999 at 04:35:21PM -0600, Chuck Gadd wrote:
> > Jeff Smelser wrote:
> > >
> > > > > Everyone who tries to get one here seems to try imap. Any reason
> > > > > why? Does imap have lots of problems?
> > >
> > > no, these are crack attempts. I am my only user, and everyone else is
> > > locked out of my system. But everytime I get a refused connect, its for
> > > imap
> >
> > The older versions of IMAP have big problems with buffer overflow bugs.
> >
> > Looking at the log files of several linux boxes I maintain, I've seen the
> > following ports hit in "crack" attempts:
> >
> > IMAP : Known exploits in old version
> > NFS : Known exploits in old version
> > SNMP : No idea why....
>
> an snmpd daemon will provide a cracker with information about your
> system. Plus, many network management tools will probe on this port
> to determine if it's a "smart" node.
What's that tell them being in "Smart" node?
> > FINGER : Probing for info?
> > FTPD : Looking for a pub FTP?
> >
> > And even one attempt to connect to the Back Orifice port.
>
> There's a fake bo script you can attach to that port just to screw
> with people.
What do you mean? What's it do?
Jeff
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]