[cobalt-security] Weird user on my SMTP
- Subject: [cobalt-security] Weird user on my SMTP
- From: "Lawrence Frewin of Accommodation.com" <Lawrence@xxxxxxxxxxxxxxxxx>
- Date: Sun, 25 Mar 2001 17:54:53 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Have you tried
netstat -ap | grep "*:*"
which will show the process & PID?
LF
----- Original Message -----
From: "ICDServers" <info@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sunday, March 25, 2001 4:20 PM
Subject: [cobalt-security] RE: Weird user on my SMTP
> Carrie wrote:
>
> > When I use Netstat -a to see what's happening on my box I keep seeing this
> > user on my smtp port.
> > tcp 0 0 128.242.221.53:smtp 213.201.148.18:62702 TIME_WAIT
>
> >After you added him to your hosts.deny file, did you try turning off
> >email so that he'd be disconnected, then turning it back on?
>
> Yep, did that, didn't seem to work.
>
>
> >You might also want to check your email parameters and make sure this
> >IP isn't allowed to send out mail; could be that he's hooked up to you
> >and using you for a spam machine. (Make sure that he's listed in the
> >GUI for not being able to connect also.)
>
> Did that too, also doesn't seem to help. Very strange!
>
> >How recently have you done a
> >check to see if you've been haqd?
>
> Yesterday as I was checking my raq for hacks I discovered this.
> Have you got any tips or clues to trace how long this has been so?
>
> Regards,
>
> Peter Broerse
> ICDServers
>
> >CarrieB
>
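Added example (not part of the original messages): a small shell filter that groups the peers of the local SMTP port by remote address and TCP state, so a leftover TIME_WAIT entry like the one quoted above can be told apart from a peer that is still connected. A TIME_WAIT socket is an already closed connection held by the kernel with no owning process, so netstat -p shows no PID for it. The function names, the sample input and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise TCP peers of the local SMTP port from
# `netstat -a` / `netstat -tan` style lines read on stdin.
# Output: "<count> <remote-ip> <state>", one line per peer and state.

smtp_peers() {
    # $1 = local port as netstat prints it: "smtp" without -n, "25" with -n
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && NF >= 6 {
            n = split($4, l, ":")
            if (l[n] != port) next          # local port is the last ":" field
            if ($6 == "LISTEN") next        # the listener itself is not a peer
            m = split($5, r, ":")
            ip = substr($5, 1, length($5) - length(r[m]) - 1)
            count[ip " " $6]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3
}

# Constructed sample input: the first line is the one quoted in the thread,
# the remaining lines are made up for the demonstration.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 128.242.221.53:smtp 213.201.148.18:62702 TIME_WAIT
tcp 0 0 0.0.0.0:smtp 0.0.0.0:* LISTEN
tcp 0 0 128.242.221.53:smtp 192.0.2.10:40001 ESTABLISHED
tcp 0 0 128.242.221.53:smtp 192.0.2.10:40002 ESTABLISHED
tcp 0 0 128.242.221.53:www 192.0.2.77:51000 ESTABLISHED
EOF
}

# On a live host: netstat -a | smtp_peers smtp   (or: netstat -tan | smtp_peers 25)
sample_netstat | smtp_peers smtp
```

Running it repeatedly over a few minutes shows whether the same address keeps opening new SMTP connections or whether only the expiring TIME_WAIT entry remains.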