logcheck

Petr Šafrata safrata at cml.cz
Tuesday November 21 13:57:19 CET 2000


Hello,

I would like to hear the experts' opinion on what someone was trying to do and how dangerous it is.
I have logcheck installed and it sent me this message by mail:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Nov 16 22:19:51 orel sendmail[22726]: NOQUEUE: IDENT:root na fra-pci-lag-vty30.as.wcom.net [212.211.66.30]: expn root

In the maillog log I found this:


imapd[22714]: Connection reset by peer, while reading line user=??? host=UNKNOWN
06:31 orel ipop3d[22715]: Connection reset by peer while reading line user=??? host=UNKNOWN

sendmail[22718]:NOQUEUE: Null connection from IDENT:root na fra-pci-lag-vty30.as.wcom.net [212.211.66.30]

sendmail[22726]:NOQUEUE: IDENT:root na fra-pci-lag-vty30.as.wcom.net [212.211.66.30]: expn root

ipop3d[22723]: No such file or directory while reading line user=??? host=fra-pci-lag-vty30.as.wcom.net [212.211.66.30]
orel imapd[22724]: command stream end of file, while reading line user=??? host=fra-pci-lag-ty30.as.wcom.net [212.211.66.30]
orel imapd[22734]: imap service init from 194.50.64.20
orel imapd[22734]: command stream end of file, while reading line user=??? host=[194.50.64.20]

I also saw in the secure log that he tried to connect to FTP from this IP, but it was refused:
Nov 16 22:06:25 orel imapd[22714]: connect from 212.211.66.30
Nov 16 22:06:25 orel ipop3d[22715]: connect from 212.211.66.30
Nov 16 22:06:31 orel in.ftpd[22716]: refused connect from fra-pci-lag-vty30.as.wcom.net
Nov 16 22:19:46 orel ipop3d[22723]: connect from 212.211.66.30
Nov 16 22:19:47 orel imapd[22724]: connect from 212.211.66.30

Should I block this IP 212.211.66.30 completely? And should I also block others from which someone scans ports or attempts something similar?


Thank you

safrata at cml.cz




