RE: new pop3 exploit out?

From: Miller, Toby (ToMillerat_private)
Date: Tue Oct 09 2001 - 08:02:25 PDT

  • Next message: Dave Dittrich: "Re: repeated zone transfer denied"

    All,
    The vul-dev list is having a heavy discussion on AIM and exploiting it.
    Check it out.
    
    
    	
    Toby 
    
    -----Original Message-----
    From: leon [mailto:leonat_private]
    Sent: Friday, October 05, 2001 4:03 PM
    To: incidentsat_private
    Subject: new pop3 exploit out?
    
    
    Hi all,
    
    I keep getting scanned on various ports (the usual 80, 23, 5190? I know
    it is aim but not sure why people are looking for it) upon scanning the
    systems back I find that they are only running a mail server on 110
    (pop3) I am sorry I do not have banners that I have grabbed or anything
    but I do have ip's for ya ;)
    
    213.245.47.41
    216.220.104.180
    213.112.62.68 (this one is running a multitude of services at the time
    of writing)
    24.29.125.76
    
    Anyone know anything about this?  I don't really care because it is more
    of an annoyance since I am not running any of the services they are
    looking for (as always).
    
    I just figured I would give the list a heads up since I found it
    strange.
    
    Cheers and have a good weekend all,
    
    Leon
    
    
    ------------------------------------------------------------------------
    ----
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 08:29:07 PDT