OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: RE: [snort] [**] SYN FIN Scan [**]
From: Jerry Shenk (jasdect.com)
Date: Wed Mar 08 2000 - 14:55:45 CST

linux comes with pop2 enabled....so even if you never use it, if there is an
exploit for it and you have it turned on, somebody else can help themselves
to it.

===== Original Message from "Mullen, Patrick" <snortbofh.kyrnet.kg> at
3/08/00 2:33 pm
>> I have been getting a whole lot of these scans on pop2
>> aswell, anyone know is there a new exploit out?
>
>Does anyone even use POP2? Granted, I went from
>BBSs to Prodigy email back before the Web really
>existed and before Prodigy had Net access to Vax
>mail right to POP3, but I've never even heard of POP2
>in existance except as a useless line in /etc/services.
>
>(BTW, I've been getting probes to 109 on my home
>machine as well...)
>
>The last BugTraq post regarding pop-2 was 26 May 1999.
>
>http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-05-22&m
>sg=Pine.LNX.3.96.990526202259.4439A-100000ferret.lmh.ox.ac.uk
>
>Get a remote shell as user 'nobody.' Not detrimental
>to your machine, but great for bouncing attacks and
>obfuscating the attack route or passing the blame.
>
>Totally unrelated topic, but does anyone know of an
>sPOP client? I run SSLWrap for my IMAP server, but
>I don't see a way to get Netscape to use it. Am I
>just blind (highly likely)?
>
>
>Thanks,
>
>~Patrick

Jerry A. Shenk, MCNE
Sr. Systems Engineer - Computer Networking Services
D&E Communications, Inc.
jshenkdecommunications.com
1-877-433-8632 Fax via efax: (603) 250-1453
my website: www.dect.com/jas