Re: pop3 exploit????

[Kaneda Akira <k_aneda () yahoo com>]

It's possible that those servers are running old versions of daemons with
holes in them... did you check to see what version of pop3 they were
running... or any other daemon for that matter?

---
Kaneda Akira
ICQ#49107701
Email: k_aneda () yahoo com
--
That's why we spend so much time trying to understand our own
motivations and those of others.  That's what makes life so
interesting.
    -- Kaji, Evangelion Ep 18

On Sun, 14 Oct 2001, leon wrote:

> Date: Sun, 14 Oct 2001 01:20:00 -0400
> From: leon <leon () inyc com>
> To: vuln-dev () securityfocus com
> Subject: pop3 exploit????
>
> Hi everyone,
>
> I posted this to the incidents list already and no one seemed to know
> anything about it so I am posting it here because maybe someone here has
> a better "ear to the ground" so to speak.  Is there a new pop3 exploit
> out?  I constantly get scanned for the usual services (21, 23, 80,
> 12345, 27374, etc, etc) and when I scan these systems back the only
> thing they have in common (as far as running services) is 110 pop3.  Now
> some of these ips are running a multitude of services and were probably
> compromised by other means but some are solely running 110.  Does anyone
> know anything about this?  I don't have any banners grabbed but I do
> have a slew of ips.  Also, I don't really care because I am not running
> any of the services that they are looking for so it is more of annoyance
> then anything else but I am still curious if anyone has seen anything
> like this.  I have no clue if these ips are static or dynamic.  This is
> being written at 1:15 am EST on 10/14/2001.
>
> If anyone wants to comment on list or off please feel free to do so.
>
> Thanks,
>
> Leon
>
> 172.150.153.238
> 213.245.47.41
> 216.220.104.180
> 213.112.62.68
> 24.29.125.76
> 212.184.148.179
> 157.130.52.209
> 4.24.9.58
>
> PS: if you would like more ips please let me know there come in
> constantly I just figured that was enough.