[SLE] mail logs, constant connect/disconnect from one site
From: Patrick Shanahan (WideGlide_at_SpeedyMail.Org)
Date: 08/30/03
Date: Fri, 29 Aug 2003 22:48:40 -0500
To: suse-linux-e@suse.com
After disabling relays.osirusoft.com (DNSRBL), I was checking my mail
logs and found hundreds of:
wahoo postfix/smtpd[21655]: connect from unknown[61.248.137.183]
wahoo postfix/smtpd[21655]: disconnect from unknown[61.248.137.183]
Parsing input: 61.248.137.183
host 61.248.137.183 (getting name) no name
Reporting addresses:
spamrelay@certcc.or.kr
postmaster@shinbiro.com
abuse@shinbiro.com
and [pls forgive long lines]
wahoo postfix/smtpd[7629]: connect from CPE0050f2c347af-CM400026310183.cpe.net.cable.rogers.com[65.48.226.202]
wahoo postfix/smtpd[7629]: disconnect from CPE0050f2c347af-CM400026310183.cpe.net.cable.rogers.com[65.48.226.202]
and several others over the last 4/5 days.
The first listed, 61.248.137.183, tried for 3 solid hours 3 and 4 times
per second.
Are they trying to relay mail thru me, or what ???
tks,
--
Patrick Shanahan
Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
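
Added example, not part of the original message: one way to measure the pattern reported above is to count, per client address, the smtpd sessions that log nothing but a connect and a disconnect, along with the connect rate. The sample lines, their timestamps and addresses are constructed (documentation ranges), and the syslog timestamp prefix is an assumption, since the post shows the lines without it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in classic syslog format; addresses are documentation ranges.
SAMPLE = """\
Aug 29 22:48:40 wahoo postfix/smtpd[21655]: connect from unknown[192.0.2.10]
Aug 29 22:48:40 wahoo postfix/smtpd[21655]: disconnect from unknown[192.0.2.10]
Aug 29 22:48:40 wahoo postfix/smtpd[21655]: connect from unknown[192.0.2.10]
Aug 29 22:48:41 wahoo postfix/smtpd[21655]: disconnect from unknown[192.0.2.10]
Aug 29 22:48:41 wahoo postfix/smtpd[21660]: connect from unknown[192.0.2.10]
Aug 29 22:48:42 wahoo postfix/smtpd[21660]: disconnect from unknown[192.0.2.10]
Aug 29 22:49:05 wahoo postfix/smtpd[7629]: connect from mx.example.net[198.51.100.7]
Aug 29 22:49:06 wahoo postfix/smtpd[7629]: 4F2A11C0B3: client=mx.example.net[198.51.100.7]
Aug 29 22:49:07 wahoo postfix/smtpd[7629]: disconnect from mx.example.net[198.51.100.7]
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
EVENT = re.compile(r"^(connect|disconnect) from \S*\[([0-9a-fA-F.:]+)\]")

def summarize(lines, year=2003):
    """Per client IP: connects, sessions that did nothing, and connects/second."""
    stats = defaultdict(lambda: {"connects": 0, "empty": 0, "first": None, "last": None})
    busy = set()  # smtpd pids whose current session logged more than connect/disconnect
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        ev = EVENT.match(msg)
        if ev is None:
            busy.add(pid)                  # any other smtpd line counts as SMTP activity
        elif ev.group(1) == "connect":
            busy.discard(pid)              # a smtpd process serves one client at a time
            s = stats[ev.group(2)]
            s["connects"] += 1
            s["first"] = s["first"] or ts
            s["last"] = ts
        elif pid not in busy:              # disconnect with nothing logged in between
            stats[ev.group(2)]["empty"] += 1
    for s in stats.values():
        span = max((s["last"] - s["first"]).total_seconds(), 1.0) if s["first"] else 1.0
        s["rate"] = s["connects"] / span   # connects per second over the observed window
    return dict(stats)

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["empty"]):
        print(f"{ip}: {s['connects']} connects, {s['empty']} empty, {s['rate']:.1f}/s")
```

A client with many empty sessions at a high rate and no queue IDs or reject lines has not attempted a mail transaction in the logged sessions.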