[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Weird user on my SMTP

Subject: Re: [cobalt-security] Weird user on my SMTP
From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
Date: Sun, 25 Mar 2001 11:14:31 -0500 (EST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Sun, 25 Mar 2001, Carrie Bartkowiak wrote:

> > When I use Netstat -a to see what's happening on my box i keep
> seeing this
> > user on my smtp port.
> > tcp        0      0 128.242.221.53:smtp     213.201.148.18:62702
> > TIME_WAIT
> 
> After you added him to your hosts.deny file, did you try turning off
> email so that he'd be disconnected, then turning it back on?
> You might also want to check your email parameters and make sure this
> IP isn't allowed to send out mail; could be that he's hooked up to you
> and using you for a spam machine. (Make sure that he's listed in the
> GUI for not being able to connect also.) How recently have you done a
> check to see if you've been haqd?
I'd restart inetd too, to load all network services back up again. IIRC
(correct me if I'm off-base anyone please) restarting inetd will make the
sytem go look at hosts.allow and deny and reload 'em.

Regards,
-Colin
--
Colin J. Raven
Linux Registered User #82296
Sun Mar 25 11:12:01 EST 2001
 11:12am  up 25 days, 15:43,  1 user,  load average: 0.01, 0.02, 0.00

References:
- Re: [cobalt-security] Weird user on my SMTP
  - From: Carrie Bartkowiak

Prev by Date: [cobalt-security] RE: Weird user on my SMTP
Next by Date: [cobalt-security] Weird user on my SMTP
Previous by thread: Re: SV: [cobalt-security] Weird user on my SMTP
Next by thread: RE: [cobalt-security] Weird user on my SMTP

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index