Jim Freeze wrote:
Hi:
I got an interesting log report today. Has anyone seen such messages lately?
Jan 14 12:59:52 rabbit /kernel: ipfw: limit 100 reached on entry 64000
Jan 14 17:39:13 rabbit ftpd[1502]: ANONYMOUS FTP LOGIN REFUSED FROM
p5089A961.dip.t-dialin.net
Jan 14 17:39:13 rabbit ftpd[1503]: ANONYMOUS FTP LOGIN REFUSED FROM
p5089A961.dip.t-dialin.net
Jan 15 12:15:21 rabbit sm-mta[3937]: h0FHFIJI003936: Truncated MIME
Content-Disposition header due to
field size (length = 25) (possible attack)
Jan 15 17:33:03 rabbit ftpd[4434]: ANONYMOUS FTP LOGIN REFUSED FROM
pD9E60C0F.dip.t-dialin.net
Jan 15 17:33:04 rabbit ftpd[4435]: ANONYMOUS FTP LOGIN REFUSED FROM
pD9E60C0F.dip.t-dialin.net
Jan 15 23:59:48 rabbit sm-mta[5210]: h0G4xkJI005209: Truncated MIME
Content-Disposition header due to
field size (length = 22) (possible attack)
I've seen the "anonymous FTP denied" off and on. I think that some folks just randomly attempt to connect to any FTP server they find in the hopes that there's cool stuff there. The sm-mta Truncaded MIME stuff isn't familiar to me, and it doesn't actually seem related (compare the times). Could be someone with a broken mailer? or some sort of bogus MIME header that facilitates the propagation of some worm? It's probably a cheesy attempt at an "attack". But it's not blatent enough to do much more than note it in case something more serious goes wrong. If you don't have any clients that should be connecting from Deutsche TeleKom, you can just firewall off that whole subnet.
-- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
