pop3d exploit
Vernon A. Fort
vfort at provident-solutions.com
Tue Jan 30 12:51:05 EST 2007
I think I just saw an attempt to exploit my pop3d service. A number of
badlogin attempts followed by:
Running cyrus-iampd 2.2.12-r4 on gentoo amd64 dual core. I've never
seen this problem prior to today. Is there any know workaround?
Vernon
Jan 30 10:07:46 ictone master[28137]: about to exec /usr/lib/cyrus/pop3d
Jan 30 10:07:46 ictone pop3[21000]: accepted connection
Jan 30 10:07:46 ictone master[28137]: couldn't exec
/usr/lib/cyrus/pop3d: Too many open files in system
Jan 30 10:07:46 ictone pop3[21097]: warning: cannot open
/etc/hosts.allow: Too many open files in system
Jan 30 10:07:46 ictone master[6806]: process 28137 exited, status 71
Jan 30 10:07:46 ictone pop3[21000]: warning: cannot open
/etc/hosts.allow: Too many open files in system
Jan 30 10:07:47 ictone pop3[21097]: error: bad option name:
"p<AE><F0>^N<FF>\177"
Jan 30 10:07:47 ictone master[6806]: service pop3 pid 28137 in READY
state: terminated abnormally
Jan 30 10:07:47 ictone pop3[21000]: error: bad option name:
"p>\177{<FF>\177"
Jan 30 10:07:47 ictone pop3[21097]: warning: socket: Too many open files
in system
Jan 30 10:07:47 ictone pop3[21000]: warning: socket: Too many open files
in system
Jan 30 10:07:47 ictone pop3[21097]: refused connection from 68.216.153.200
Jan 30 10:07:47 ictone pop3[21000]: refused connection from 68.216.153.200
Jan 30 10:07:47 ictone pop3[21097]: accept failed: Too many open files
in system
Jan 30 10:07:47 ictone master[6806]: process 21097 exited, status 71
Jan 30 10:07:47 ictone master[6806]: service pop3 pid 21097 in READY
state: terminated abnormally
Jan 30 10:07:47 ictone pop3[21000]: accepted connection
More information about the Info-cyrus
mailing list