ipop3d logwatch entry suspicious
Mikkel L. Ellertson
mikkel at infinity-ltd.com
Tue Sep 9 15:12:28 UTC 2008
Roberto Figueroa wrote:
> Hi,
>
> I'm getting a lot of this entries in the LogWatch mail under ipop3d
> section:
>
> Success, while reading line user=appowner
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
> Success, while reading line user=mysql
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
> Success, while reading line user=john
> host=customer123-149-157.iplannetworks.net
> <http://customer123-149-157.iplannetworks.net> [200.123.149.157
> <http://200.123.149.157>]: 1
> Time(s)
>
> I'm also getting entries like this which I suppose are normal:
>
> Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s)
>
> (text in caps refer to real existing users and ip)
>
> Obviously we don´t have any relationship with iplannetworks.net
> <http://iplannetworks.net> domain
> I'm running FC 5.
> Didn't find any info on google.
>
> ¿do I must be worried?
>
> thanks in advance.
> Robert.
>
It looks like john is checking his mail from home/work using
iplannetworks.net as their ISP. If you are allowing users to check
their mail over the Internet, then I would not worry too much. If
your firewall is supposed to be blocking incomming connections from
the Internet, then you have a problem.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080909/b9b01cc2/attachment-0001.sig>
More information about the fedora-list
mailing list