[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    Re: smap: what does EXPN root mean ???
From:       Donald J Smith <donald.j.smith () gd-is ! com>
Date:       2000-03-21 13:30:20
[Download RAW message or body]

[To be removed from this list send the message "unsubscribe fwtk-users" in the
BODY of a mail message to majordomo@ex.tis.com.]

At 08:16 AM 3/21/00 +0100, Dirk.Nerling wrote:
>[To be removed from this list send the message "unsubscribe fwtk-users" in
the
>BODY of a mail message to majordomo@ex.tis.com.]
>
>Hello all,
>
>somebody tried to access my firewall. As far as I see there is nothing to
>worry about. But what does "EXPN root" mean? 
The "cracker" was trying to find out who the root account mapped to.
You have EXPN turned off so nothing was discovered that way (except that
you've running smap and EXPN is turned off;-)
You might be more concerned with the ICMP but I really can't help you there.

You were definetly scanned.
------------------------------------------------------------------------------
Don Smith                               General Dynamics Information Systems
Systems Administrator                   8005 South Chester St
                                        EngleWood, Co. 80112
Phone (303) 649-7554
FAX   (303) 649-7504			donald.j.smith@gd-is.com
Error msgs that I love: 
"Keyboard not found press F1 to continue" (pc bios)
"Harddrive controller failure insert new disk and press any key to
continue" (pc bios)
"The disk is write protected Remove the write protect or
 use another disk." (nt)
User must change his password before he logs in the first time. (nt)
------------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]