[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Lame Server messages

Subject: RE: [cobalt-security] Lame Server messages
From: "Curtis Ross" <Curtis_Ross@xxxxxx>
Date: Fri, 31 Aug 2001 10:54:34 -0600
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>  
> I'd just like to point out that my query was not about lame server
messages
> in general, but about specific instances of peculiarly high traffic -
1000
> lame server messages in a 1 hour period.  I get very few lame server
> messages the other 23 hours of the day.  Maybe 10. It now appears to
repeat
> each night in the same time slot and some if not many of the ip's are
.kr.
> 
> I searched the posts in this and other lists before I put my original
post
> up and found nothing similar to what I'm seeing here. I'd like to
think that
> any good admin in this list seeing a 1000 new error messages in their
logs
> would (again) question the security implications.  Who knows what the
next
> exploit looks like until it happens.
> 
> I'd still like to hear a good theory as to this sudden burst of
activity.
> 
> Thanks
> 
> T. Dwyer
> Indian Hill Media

Is there some possiblity that someone is relaying mail thru your server
and the domains it is coming from or going to are not resolving? Check
your maillog for those periods for volume of mail.

Curtis

Prev by Date: [cobalt-security] Lame Server messages
Next by Date: Re: [cobalt-security] Lame Server messages
Previous by thread: [cobalt-security] Lame Server messages
Next by thread: RE: [cobalt-security] Lame Server messages

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index