Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Complete mail lost, exploit?
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Thu, 08 Feb 2001 09:39:21 +1100
  • Message-id: <5.0.2.1.0.20010208093459.03ae50c0@xxxxxxxxxxxxxxxxxxxx>
At 05:59 AM 8/02/2001, you wrote:
Hi all!

I get a bit paranoid now, this night all mail folders out of ~/Mail
disappeared, 4000 Mails gone away. First I thought of a failure in KMail
that hat destroyed the folders, but some other files in the root folder
disappeared as well.

Ouch. I don't suppose you rebooted the box by any chance? (check uptime pls)
This is quite possibly a disk/filesystem problem.

I checked the logs (messages, warn etc), nothing. No
failed logins, nothing to see. I have tcp dumps of the times system was
online,

Using what capture program? tcpdump? or something a bit more intelligent?

the only thing I found there was a try to get mail from pop3 with a
wrong password, nothing else.

From who to what account?

I checked the open ports (not so many),
and found "Timbuktu srv4 on tcp port 1420". This service has now disappeard, I
closed every port, rechecked the firewall.

Does the firewall allow connections to this port?? How did you check the ports?
Try nmapping your machine from a know good install. (ie. not from localhost)
What processes were running? ("netstat -nap", "ps aufx")
How did you "close every port"?

I looked for Timbuktu and found
things about remote control for windows nt, so what is this timbuktu on my
SuSE Linux 7 system??? This stuff makes me sick, please can somebody
help.

Regards
Uwe

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx

---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com


< Previous Next >
This Thread
References