It looks like somebody ran some sort of port scanner against your
system, looking for a vulnerability. From the attached logs, it wasn't
obvious that the attack was successful. Did you find evidence on
the system that it had been cracked? It's possible that imapd with-
stood the attack. I'm no security expert, and only responded with
my 2 cents worth to keep the topic from dying. Any input from more
knowledgeable people out there?
Marc
----------
Marc Mongeon <[EMAIL PROTECTED]>
Unix Specialist
Ban-Koe Systems
9100 W Bloomington Fwy
Bloomington, MN 55431-2200
(612)888-0123, x417 | FAX: (612)888-3344
----------
"It's such a fine line between clever and stupid."
-- David St. Hubbins and Nigel Tufnel of "Spinal Tap"
>>> Dan DeMond <[EMAIL PROTECTED]> 06/21 2:44 PM >>>
Hello all,
I'm think that our system may have been cracked. I think they got
in through imapd, because of what was in the logfile(see attachment).
My question is, did they really get in through imapd? On
www.cert.org there was an advisory for imapd, but that was last year this
time. Cert said the affected versions were <=10.234, while our version
reports 11.241. Are newer versions still vulnerable?
Thanks in Advance,
Dan DeMond
