[luau] BIG sendmail prob./man in the middle maybe ?

F. Hines frhines at swbell.net
Fri Aug 23 11:05:01 PDT 2002


Maybe I'm just paranoid/desperate, but I've been getting a lot of scans from
IP#s in Spain lately, a few attempted FTP logins and SSH connections,
and I got this in my logwatch email (not sure what the hell that is, but
it can't be good):
-----
Aug 23 07:10:43 NS2 rpc.statd[752]: gethostbyname error for
^X? ?^X? ?^Z? ?^Z? ?
%8x%8x%8x%8x%8x%8x%8x%8x%8x%62716x%hn%51859x%hn\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\
220\
220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220
-----

So I was thinking: if my machine wasn't as secure as I thought it was (and
my D-Link router isn't set up right) and someone does a man-in-the-middle
attack to grab plain-text passwords for smtp_auth, how could I tell?

Florian


----- Original Message -----
From: "Florian Hines" <frhines at swbell.net>
To: "Luau" <luau at videl.ics.hawaii.edu>
Sent: Friday, August 23, 2002 2:08 PM
Subject: [luau] BIG sendmail prob.


> Hi guys,
>
> I've never run into this before, so I'm hoping you guys can help me.
>
> Twice in the last few days I've had to recompile the sendmail.mc >
> sendmail.cf because of the following errors.
>
> ---From the logs---
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: SYSERR(root): No local mailer defined: Inappropriate ioctl for device
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE:   0: fl=0x8002, mode=20620: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE:   1: fl=0x8001, mode=20666: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE:   2: fl=0x8001, mode=20666: CHR: size=0
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE:   3: fl=0x2, mode=140777: SOCK localhost->[[UNIX: /dev/log]]
> Aug 19 22:12:14 NS2 sendmail[2613]: NOQUEUE: SYSERR(root): QueueDirectory (Q) option must be set
> -------------------
>
> And now I have a big problem that I can't figure out.
>
> When someone from the outside tries to connect to sendmail using the domains
> (ex. mail.something.com) I get "Connection Refused"; it works fine if you're
> on the machine and sending mail locally. Sendmail's set up to use SASL. It
> worked fine up until this week; I made no changes whatsoever. (I disabled
> iptables to make sure it's not the firewall.) HTTP, SSH, POP3 and MySQL all
> connected fine. Anyone have any ideas? I really need help on this one.
>
> Florian
>
> _______________________________________________
> LUAU mailing list
> LUAU at videl.ics.hawaii.edu
> http://videl.ics.hawaii.edu/mailman/listinfo/luau
>
_______________________________________________
LUAU mailing list
LUAU at videl.ics.hawaii.edu
http://videl.ics.hawaii.edu/mailman/listinfo/luau
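
Added example, not part of the original post: a log check for entries like the rpc.statd line quoted in the message above, where the logged "hostname" holds printf conversion specifiers (%8x, %hn) and a long run of \220 escapes instead of a name. It first re-joins records wrapped by the mail client; the sample lines are constructed, and the function names and thresholds are assumptions.

```python
import re

# A syslog record starts with a "Mon DD HH:MM:SS " timestamp.
RECORD_START = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")
STATD = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\srpc\.statd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
# %n / %hn make printf-style functions write to memory; never part of a hostname.
WRITE_SPEC = re.compile(r"%\d*h{0,2}n")
ANY_SPEC = re.compile(r"%\d*[xXdups]")
# Non-printable bytes appear as \NNN octal escapes in the log (\220 is byte 0x90).
OCTAL_RUN = re.compile(r"(?:\\[0-3][0-7]{2}){8,}")

def join_records(lines):
    """Re-join records that a mail client wrapped across several lines."""
    records = []
    for line in (raw.rstrip("\n") for raw in lines):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line  # continuation: the wrap split mid-token
    return records

def scan(lines):
    """Return (timestamp, pid, reasons) for suspicious rpc.statd records."""
    findings = []
    for rec in join_records(lines):
        m = STATD.match(rec)
        if not m:
            continue
        msg, reasons = m.group("msg"), []
        if WRITE_SPEC.search(msg):
            reasons.append("write-specifier")
        if len(ANY_SPEC.findall(msg)) >= 4:   # threshold is an assumption
            reasons.append("specifier-run")
        if OCTAL_RUN.search(msg):             # run length 8 is an assumption
            reasons.append("nonprintable-run")
        if reasons:
            findings.append((m.group("ts"), m.group("pid"), reasons))
    return findings

# Constructed sample, shaped like the wrapped logwatch excerpt above.
SAMPLE = [
    "Aug 23 07:10:40 NS2 rpc.statd[752]: gethostbyname error for host9.example.net",
    "Aug 23 07:10:43 NS2 rpc.statd[752]: gethostbyname error for",
    "%8x%8x%8x%8x%62716x%hn%51859x%hn" + "\\220" * 6 + "\\",
    "220\\",
    "220" + "\\220" * 3,
    "Aug 23 07:11:02 NS2 sshd[901]: Connection closed by 192.0.2.7",
]
print(scan(SAMPLE))
```

A match only shows that such a request reached rpc.statd and was logged; whether the daemon was affected has to be established separately.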




