Re: Netstat -an readings

statux_at_optonline.net
Date: 10/25/03

    To: "Redhat-List@Redhat. Com" <redhat-list@redhat.com>
    Date: Sat, 25 Oct 2003 00:09:17 -0400 (EDT)
    
    

    It could be one of a couple things: a DOS attack of some kind is possible
    or you could be getting used as a spam relay (the reason for most of the
    email spam on the net). In the first case, you'll want to make sure your
    SMTP server (usually sendmail) is up-to-date. In the second case, you'll
    want to make sure you have a nice lil firewall going (iptables) and make
    sure your mail server config has been edited properly. I often go through
    /var/log/secure* to see who's been connecting to things like telnet and
    FTP. When I get a lot of funny entries (t-dialin nodes for instance) I
    just add a rule to my firewall. If your mail server isn't needed by anyone
    else then just block all outside access to it, otherwise do some
    firewalling :)

    On Thu, 23 Oct 2003 rich-lists@multicam.com wrote:

    > I was running the netstat -an command and I noticed that I have multiple
    > connections to port 25 on my server. My mail sending has been slow, so I
    > am guessing this is the reason. What I don't understand is why this IP
    > has multiple connections established to my port 25. In total there are
    > 13 connections. Is this a DOS attack or is this normal? I compared this
    > to our company mail server and there is nothing like this on it.
    >
    >
    > tcp 0 0 192.168.0.2:25 63.247.132.19:52355 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:52129 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:49572 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:52410 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:53274 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:52184 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:50527 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:51408 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:53012 ESTABLISHED
    > tcp 0 0 192.168.0.2:25 63.247.132.19:50805 ESTABLISHED
    >
    > Richard Humphrey
    >
    >
    >

    -- 
    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
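
Added example, not part of the original thread: a shell function that reads `netstat -an` output and counts ESTABLISHED connections per remote address to a given local port, which is the check the question above does by eye. It assumes the Linux netstat column layout; the function names are hypothetical and the sample input is constructed, modeled on the lines quoted in the message (198.51.100.7 is a documentation address).

```shell
#!/bin/sh
# count_port_peers PORT MIN
# Reads `netstat -an` output on stdin and prints "count remote_ip" for each
# remote address holding at least MIN ESTABLISHED connections to local PORT,
# busiest first. Assumes Linux columns:
#   proto recv-q send-q local-address foreign-address state
count_port_peers() {
    port=$1
    min=$2
    awk -v port="$port" -v min="$min" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Local port is whatever follows the last colon (IPv6-safe).
            lport = $4; sub(/.*:/, "", lport)
            # Remote IP is everything before the last colon.
            rip = $5;   sub(/:[^:]*$/, "", rip)
            if (lport == port) count[rip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample input. The first four lines follow the netstat output
# quoted in the message; the rest are made up to exercise the filters.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address       State
tcp        0      0 192.168.0.2:25     63.247.132.19:52355   ESTABLISHED
tcp        0      0 192.168.0.2:25     63.247.132.19:52129   ESTABLISHED
tcp        0      0 192.168.0.2:25     63.247.132.19:49572   ESTABLISHED
tcp        0      0 192.168.0.2:25     63.247.132.19:52410   ESTABLISHED
tcp        0      0 192.168.0.2:25     63.247.132.19:50001   TIME_WAIT
tcp        0      0 192.168.0.2:22     63.247.132.19:50002   ESTABLISHED
tcp        0      0 192.168.0.2:25     198.51.100.7:40100    ESTABLISHED
tcp        0      0 0.0.0.0:25         0.0.0.0:*             LISTEN
EOF
}

# Report peers with 3 or more established SMTP connections.
sample_netstat | count_port_peers 25 3
```

On a live host, replace `sample_netstat` with `netstat -an`; a single peer holding many port 25 connections is the pattern to compare against the mail log and relay configuration before deciding on a firewall rule.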
    
