[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Weird user on my SMTP
- Subject: Re: [cobalt-security] Weird user on my SMTP
- From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
- Date: Sun, 25 Mar 2001 11:14:31 -0500 (EST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Sun, 25 Mar 2001, Carrie Bartkowiak wrote:
> > When I use Netstat -a to see what's happening on my box i keep
> seeing this
> > user on my smtp port.
> > tcp 0 0 128.242.221.53:smtp 213.201.148.18:62702
> > TIME_WAIT
>
> After you added him to your hosts.deny file, did you try turning off
> email so that he'd be disconnected, then turning it back on?
> You might also want to check your email parameters and make sure this
> IP isn't allowed to send out mail; could be that he's hooked up to you
> and using you for a spam machine. (Make sure that he's listed in the
> GUI for not being able to connect also.) How recently have you done a
> check to see if you've been haqd?
I'd restart inetd too, to load all network services back up again. IIRC
(correct me if I'm off-base anyone please) restarting inetd will make the
sytem go look at hosts.allow and deny and reload 'em.
Regards,
-Colin
--
Colin J. Raven
Linux Registered User #82296
Sun Mar 25 11:12:01 EST 2001
11:12am up 25 days, 15:43, 1 user, load average: 0.01, 0.02, 0.00