logcheck

Pavel Kankovsky peak na argo.troja.mff.cuni.cz
Středa Listopad 22 02:18:07 CET 2000


On Tue, 21 Nov 2000, Petr Šafrata wrote:

> Nov 16 22:19:51 orel sendmail[22726]: NOQUEUE:
> IDENT:root na fra-pci-lag-vty30.as.wcom.net [212.211.66.30]: expn root

Nekdo se zrejme zajimal, kam chodi posta pro roota.

> imapd[22714]: Connection reset by peer, while reading line user=???
> host=UNKNOWN
> ipop3d[22715]: Connection reset by peer while reading line
> user=??? host=UNKNOWN

Tady zas nekdo skenoval porty.

> Nov 16 22:06:25 orel imapd[22714]: connect from 212.211.66.30
> Nov 16 22:06:25 orel ipop3d[22715]: connect from 212.211.66.30
> Nov 16 22:06:31 orel in.ftpd[22716]: refused connect from
> fra-pci-lag-vty30.as.wcom.net
> Nov 16 22:19:46 orel ipop3d[22723]: connect from 212.211.66.30
> Nov 16 22:19:47 orel imapd[22724]: connect from 212.211.66.30

Tohle je asi taky od skenovani.

> Man tuto IP 212.211.66.30 uplne zakazat????

Zbytecne. I kdyby to z nej nekdo nekdy zkousel znova, pak urcite maji
deset nahradnich pocitacu pro pripad, ze by to nefungovalo. Navic to podle
adresy muze byt nejaky dialup, a tudiz ta adresa uz ted muze byt prirazena
nekomu uplne jinemu.

> Pripadne zakazovat dalsi ze kterych nekdo bude skenovat porty nebo se
> pokusi o neco takovaho.

Muzete si zkusit stezovat u provozovatele toho pocitace. Hlavne zakazte na
svem pocitaci ty sluzby, pres ktere by se tam nekdo mohl naborit.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."



Další informace o konferenci Linux