ipop3d logwatch entry suspicious

Bill Davidsen davidsen at tmr.com
Tue Sep 9 19:45:22 UTC 2008


Mikkel L. Ellertson wrote:
> Roberto Figueroa wrote:
>> Hi,
>>
>> I'm getting a lot of these entries in the LogWatch mail under ipop3d
>> section:
>>
>>     Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
>>     Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
>>     Success, while reading line user=john host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
>>
>> I'm also getting entries like this which I suppose are normal:
>>
>> Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s)
>>
>> (text in caps refers to real existing users and ip)
>>
>> Obviously we don't have any relationship with the iplannetworks.net
>> domain.
>> I'm running FC 5.
>> Didn't find any info on google.
>>
>> Do I need to be worried?
>>
>> thanks in advance.
>> Robert.
>>
> It looks like john is checking his mail from home/work using
> iplannetworks.net as their ISP. If you are allowing users to check
> their mail over the Internet, then I would not worry too much. If
> your firewall is supposed to be blocking incoming connections from
> the Internet, then you have a problem.

Sounds right to me. But I would think about access to system mail from
home, and if something like pop3s is what he should be using.
> 
> Mikkel
> 


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
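
An added example, not part of the original thread: one way to check a logwatch ipop3d section for a single outside address that shows up with several different usernames. It assumes the line shape quoted in the post with the mail client's link markup removed; the function names, the threshold and the trusted network list are assumptions, and the last sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Lines in the shape logwatch prints for ipop3d. The first three come from the
# post above; the last one is constructed (hypothetical user and LAN address).
SAMPLE = """\
Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
Success, while reading line user=john host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s)
Update user=alice host=[192.168.1.10] nmsgs=0 ndele=1: 1 Time(s)
"""

# event text, user=NAME, host=OPTIONAL_NAME [ADDRESS], optional counters, ": N Time(s)"
LINE_RE = re.compile(
    r"^\s*(?P<event>.+?)\s+user=(?P<user>\S+)\s+"
    r"host=(?P<name>[^\s\[]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r".*?:\s*(?P<count>\d+)\s+Time\(s\)\s*$"
)

def parse(text):
    """Yield (event, user, ip, count) for each recognised ipop3d summary line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["event"], m["user"], m["ip"], int(m["count"])

def multi_user_sources(text, min_users=3,
                       trusted_nets=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")):
    """Return {ip: sorted usernames} for untrusted addresses seen with >= min_users names."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    seen = defaultdict(set)
    for _event, user, ip, _count in parse(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # bracketed value was not a valid address; skip the line
        if any(addr in net for net in nets):
            continue  # local clients are expected to poll their own mailboxes
        seen[ip].add(user)
    return {ip: sorted(users) for ip, users in seen.items() if len(users) >= min_users}

if __name__ == "__main__":
    for ip, users in multi_user_sources(SAMPLE).items():
        print(f"{ip}: {len(users)} different usernames: {', '.join(users)}")
```

Comparing the reported names against the accounts that actually have mailboxes on the server is a useful follow-up, since the count alone does not say which names are real.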




