[lug] imap hacking?

Tue Jul 15 06:31:11 MDT 2003

Someone was visiting all my servers trying to hack my imap ports.
They didn't get in, but I'm wondering if there's a new attack out
there.

It's coming from a dial in in Germany.  Here's a sample of entries:

Jul 14 08:58:43 my-host imapd[5653]: Login failed: no CRAM-MD5 entry user=web auth=web host=pD9524D51.dip.t-dialin.net [217.82.77.81]
Jul 14 08:58:43 my-host imapd[5654]: Login failed: no CRAM-MD5 entry user=administrator auth=administrator host=pD9524D51.dip.t-dialin.net [217.82.77.81]
Jul 14 08:58:43 my-host imapd[5660]: Login failed: no CRAM-MD5 entry user=oracle auth=oracle host=pD9524D51.dip.t-dialin.net [217.82.77.81]
Jul 14 08:58:44 my-host imapd[5661]: Login failed: no CRAM-MD5 entry user=sybase auth=sybase host=pD9524D51.dip.t-dialin.net [217.82.77.81]
Jul 14 08:58:44 my-host imapd[5662]: Login failed: no CRAM-MD5 entry user=lizdy auth=lizdy host=pD9524D51.dip.t-dialin.net [217.82.77.81]

I'm running imapd-2001a-1.72.0 for RH 7.2, which was last updated on
4/25/02. 

Thanks,
Rob