2003005

	IMAP4 port probe
advICE :Intrusions : 2003005

FAQ

Oh my gosh, I'm being HACKED!!!

How do I report the hacker to my ISP?

I'm seeing lots of attacks, is this normal?

Summary
Scan
Details
A hacker may be scanning your system to see if the IMAP4 service is available on your system. Sometimes this is done in preparation for a future attack, or sometimes it is done to see if your system might be susceptible to attack.
A false-positive may occur if an application is temporarily unavailable.

more information

TCP port probe: This section describes more about the symptom of somebody probing ports on your system.
CERT: CA-98.09.imapd Buffer Overflow in Some Implementations of IMAP Servers: Problem in many IMAP servers that are based upon University of Washington code. In late 1998, this was a common attack in the wild.
CERT: CA-97.09.imap_pop Vulnerability in IMAP and POP

parametric information

port This indicates the TCP port that was probed.

reason The reason for the port probe.

Firewalled: the incoming TCP SYN or UDP frame was stopped by the firewall.

RSTsent: the incoming TCP SYN frame was rejected by the computer.

ICMPsent: the incoming UDP frame was rejected by the computer.

NOanswer: there was no response to the incoming SYN frame.

 
Version appeared: 2.5

IMAP4 port probe