[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] HELP- CacheRaq4 being attacked
- Subject: [cobalt-security] HELP- CacheRaq4 being attacked
- From: "Dawn D. Pfaltzgraff" <ddpfz@xxxxxxxxxx>
- Date: Mon, 07 Apr 2003 08:33:08 -0600
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Over the past couple of days have noticed the traffic for a CacheRaq4 at
one of our schools is seeing an INSANE amount of traffic. Also the
administrator there keeps receiving a whole bunch of mail returned mail.
(vulnerable SMTP, seems to be "undeliverable" spam). So anybody got any
ideas? It's behind a Sonic Wall and the following ports are the only ones
that appear to be open, netbios (137,138), telnet and squid (SMTP is
opened). Now I have also noticed that everytime a "Squid child" starts up
it exits on "signal 6". I'm not sure where to start on this one, if
anyone has any suggestions, please let me know. As for updates, the box
has been updated with the Cobalt updates and nothing else. Other than
that... it's straight out of the box. Is squid a problem or something?
Thanks,
Dawn
Dawn D. Pfaltzgraff
System Administrator
Premier Systems -plains.net
ddpfz@xxxxxxxxxx
(970-848-0475)