imap attack?

Why should people be trying to access my imap server?


Aug 30 15:19:40 nard imapd[23845]: imap service init from 80.118.228.139
Aug 30 15:19:40 nard imapd[23845]: Command stream end of file, while
reading line user=??? host=139-228-118-80.kaptech.net [80.118.228.139]
Aug 30 15:19:42 nard imapd[23846]: imap service init from 80.118.228.139
Aug 30 15:22:42 nard imapd[23846]: Autologout user=???
host=139-228-118-80.kaptech.net [80.118.228.139]

--
Alan

( If replying by mail, please note that all "sardines" are canned.
There is also a password autoresponder but, unless this a very
old message, a "tuna" will swim right through. )

Re: imap attack?

Alan Clifford wrote:

>
> Why should people be trying to access my imap server?
>
>
> Aug 30 15:19:40 nard imapd[23845]: imap service init from 80.118.228.139
> Aug 30 15:19:40 nard imapd[23845]: Command stream end of file, while
> reading line user=??? host=139-228-118-80.kaptech.net [80.118.228.139]
> Aug 30 15:19:42 nard imapd[23846]: imap service init from 80.118.228.139
> Aug 30 15:22:42 nard imapd[23846]: Autologout user=???
> host=139-228-118-80.kaptech.net [80.118.228.139]
>
Alan,

People would not, however a worm trying to exploit Imap services might.

There is no real way to tell.

You have to assess the access attempt pattern and determine what it is.

AK

Re: imap attack?

On Sat, 3 Sep 2005, Alan Clifford wrote:
> Why should people be trying to access my imap server?

Probably just a port scanner.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.