Could someone help me out with this? I have responded by knocking out imap, but there may be other avenues, or it may be an innocent thing. This is what I have in my log:

Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]

What other measures should I take?

Noah
ksemat@eahd.or.ug
You, ksemat@wawa.eahd.or.ug, wrote:

> Could someone help me out with this? I have responded by knocking out imap, but there may be other avenues, or it may be an innocent thing. This is what I have in my log:
>
> Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]
>
> What other measures should I take?
It's an attempt, not a successful break-in. The attacking machine is in Spain, so you should inform the IRIS CERT <cert@rediris.es> about this attempt to attack your system. They will take all necessary steps in Spain. Of course, the CERT with the constituency for your country/organization/network/... should always be informed as well, but I don't think one exists in Uganda at this time. You will find more information on securing your system and on finding traces of attacks at http://www.cert.org/

Good luck,
-sam
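As an added example (not from the thread), a small Python script that pulls the imapd "System break-in attempt" lines out of a syslog excerpt and summarizes them per source address with counts and first/last timestamps, the kind of attachment the CERT would want with the report. The log sample is constructed around the line Noah quoted; the second source (192.0.2.10, documentation range) is made up for illustration, and the year is assumed because syslog lines carry none.

```python
import re
from datetime import datetime

# Constructed sample excerpt built around the line quoted in the thread; the
# 192.0.2.10 source (documentation range) is made up for illustration.
SAMPLE_LOG = """\
Aug  6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]
Aug  6 15:45:09 alpha imapd[27639]: System break-in attempt, host=infon819.jet.es [195.55.159.51]
Aug  6 15:46:30 alpha imapd[27641]: Login user=noah host=localhost [127.0.0.1]
Aug  6 16:02:11 alpha imapd[27702]: System break-in attempt, host=example.invalid [192.0.2.10]
"""

# Syslog prefix followed by the imapd "System break-in attempt" message.
BREAKIN_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) imapd\[(?P<pid>\d+)\]: "
    r"System break-in attempt, host=(?P<rhost>\S+) \[(?P<ip>[0-9.]+)\]$"
)

def summarize_breakin_attempts(log_text, year=2000):
    """Group break-in attempts by source IP: {ip: {rhost, count, first, last}}.
    Syslog lines carry no year, so one is assumed (hypothetical default)."""
    summary = {}
    for line in log_text.splitlines():
        m = BREAKIN_RE.match(line)
        if not m:
            continue  # other imapd lines (e.g. normal logins) are not attempts
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        e = summary.setdefault(
            m["ip"], {"rhost": m["rhost"], "count": 0, "first": ts, "last": ts})
        e["count"] += 1
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return summary

def format_report(summary):
    """One line per source, busiest first: what you would attach to the CERT."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return "\n".join(
        f"{ip} ({e['rhost']}): {e['count']} attempt(s), "
        f"{e['first']:%b %d %H:%M:%S} .. {e['last']:%b %d %H:%M:%S}"
        for ip, e in rows)

if __name__ == "__main__":
    print(format_report(summarize_breakin_attempts(SAMPLE_LOG)))
```

Run it against the real /var/log/messages (or wherever imapd logs) instead of SAMPLE_LOG to get the per-source summary for the report.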
Hi Noah,

Improve on the experience; it is a very interesting occasion. Apart from the personal experience, you will help clean garbage people off The Net.

Follow Stefan A. Muehlenweg's advice. Do forward the incident to "IRIS-CERT" at: mailto:cert@rediris.es

You can find the "IRIS-CERT RedIRIS Computer Emergency Response Team" at:
Spanish URL: http://www.rediris.es/cert/contact.es.html
English URL: http://www.rediris.es/cert/contact.en.html

Do state "ALERT - System break-in attempt from jet.es", send them the log attached and a short description, and tell them also to give you support and news until the end. They will coordinate the incident with the Jet Spain ISP, and probably find out who was connected with this dynamic IP lease at the moment of this indecent incident.

Here in Spain we have strict rules for this kind of act. I, as a Spaniard, am ashamed by them, as I am of today's and the continuous ETA bombings here in Madrid. Maybe they will end up with their net connection cancelled by the ISP and also a heavy fine. Stupid people; do they not know we are all connected, informed and well behaved??

If this incident is kept in the dark they will think they do no harm, that there are only computers on the other end, and they will try and try again, not only with you but with a lot of others. They think it is only for fun, but they will have a good surprise!! By the way, if they want/need experience in security/break-ins, why do they not arrange a small group and test and try to break in among themselves??

Please, do not leave it alone; ACT ASAP. Do not worry if you have a small setup; those are the ones that need more attention, and nobody really needs to know, the important thing is the fact. The Spanish IRIS-CERT people are cool and professional, I know them personally, but take into account that we are now in August and at this time response can be slow, as many of them are on holiday now.

If you need help with the process, do not hesitate to tell me; I'm willing to help you.
PS: Noah, why do you not complete your _from_ mail info with your complete name? Now you are only reflecting "<ksemat@wawa.eahd.or.ug>". Also arrange a short signature with contact info, for the event?? This will perform better, IMHO.

---- ksemat@wawa.eahd.or.ug wrote:
> Could someone help me out with this? I have responded by knocking out imap, but there may be other avenues, or it may be an innocent thing. This is what I have in my log:
>
> Aug 6 15:45:04 alpha imapd[27638]: System break-in attempt, host=infon819.jet.es [195.55.159.51]
>
> What other measures should I take?
>
> Noah
> ksemat@eahd.or.ug
--
HTH
Best regards,
Eduardo Carriles
[-- Better a smile than a flame --]
(Long time SuSE-Linux [preferred distro] user).
[-- Se me nota mucho? -- Notices me much?]
[-- Have a lot of fun...]