Recently the local administrators thought I was running imapd on our
local network, which they considered a serious security hole, and I
was asked to remove it.
In fact I wasn't running imapd, but I was running the default Red Hat
5.0 inetd configuration, which has the imap port enabled. Incoming
connections invoked tcpd, which logged the connection and then failed to
exec imapd.
If I had inadvertently installed the imapd package, it would have been
enabled by default. Judging from my security logs, I've had a lot of
attempts at the imap port from around the world (as well as telnet,
pop-3 and dns ports). This is on a totally unadvertised machine whose
name and address aren't mentioned anywhere!
So because of the request, I've tidied up the machine's security
configuration. It's a big improvement from what it was, though there
are still things I'm not happy with. To keep the local admins' probes
happy, I've not got anything running on the imap port any more.
I would like to continue logging and fingering back probes to these
ports. Does anyone have any suggestion for rejecting a connection to
these ports, but _also_ triggering tcpd-style logging and processing
(aka. tcp_wrappers-style)?
Ta,
-- Jamie
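One way to close the probed ports while keeping tcpd's logging, as an added example that is not part of the original post. It assumes the classic inetd + tcp_wrappers layout (/etc/inetd.conf, /etc/hosts.allow, /etc/hosts.deny, tcpd built with the `spawn` option extension) and the daemon names imapd, telnetd and ipop3d; the log lines are constructed, not taken from a real machine.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumes Red Hat-style
# inetd + tcp_wrappers, with tcpd logging via syslog (e.g. /var/log/secure).

# 1. Keep tcpd as the wrapper so every connection is still logged, but
#    reject the peer in the access control files before any exec happens.
#    /etc/inetd.conf (service line unchanged, tcpd wraps the daemon):
#      imap  stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
#    /etc/hosts.deny: refuse imap/telnet/pop-3 for everyone and record the
#    peer with 'spawn' (%d = daemon name, %h = client host); the connection
#    is closed whether or not the daemon binary is installed:
#      imapd telnetd ipop3d : ALL : spawn (/usr/bin/logger -p auth.notice "probe %d from %h") &
#    /etc/hosts.allow then lists only the hosts that may reach real services.

# 2. Summarise tcpd's own "refused connect from" lines per daemon.
#    Output: "<daemon> <count>" per line, most-probed daemon first.
count_refused() {
    grep 'refused connect from' | \
        sed 's/^.*[[:space:]]\([a-z0-9.-]*\)\[[0-9]*\]: refused connect from.*$/\1/' | \
        sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample lines in tcpd/syslog format (not real log data).
SAMPLE_LOG='Mar  3 01:02:03 box imapd[2101]: refused connect from 192.0.2.10
Mar  3 01:09:41 box telnetd[2133]: refused connect from 198.51.100.7
Mar  3 02:15:00 box imapd[2260]: refused connect from 203.0.113.5
Mar  3 02:15:01 box imapd[2261]: connect from 10.0.0.2
Mar  3 03:30:12 box ipop3d[2302]: refused connect from 192.0.2.10'

# Allowed connections ("connect from" without "refused") are not counted.
printf '%s\n' "$SAMPLE_LOG" | count_refused
```

Run it against the real syslog file (`count_refused < /var/log/secure`) to see which wrapped services draw the most refused attempts.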
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu