[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] HELP- CacheRaq4 being attacked

Subject: [cobalt-security] HELP- CacheRaq4 being attacked
From: "Dawn D. Pfaltzgraff" <ddpfz@xxxxxxxxxx>
Date: Mon, 07 Apr 2003 08:33:08 -0600
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Over the past couple of days have noticed the traffic for a CacheRaq4 atone of our schools is seeing an INSANE amount of traffic. Also theadministrator there keeps receiving a whole bunch of mail returned mail.(vulnerable SMTP, seems to be "undeliverable" spam). So anybody got anyideas? It's behind a Sonic Wall and the following ports are the only onesthat appear to be open, netbios (137,138), telnet and squid (SMTP isopened). Now I have also noticed that everytime a "Squid child" starts upit exits on "signal 6". I'm not sure where to start on this one, ifanyone has any suggestions, please let me know. As for updates, the boxhas been updated with the Cobalt updates and nothing else. Other thanthat... it's straight out of the box. Is squid a problem or something?


Thanks,
Dawn


Dawn D. Pfaltzgraff
System Administrator
Premier Systems -plains.net
ddpfz@xxxxxxxxxx
(970-848-0475)

Follow-Ups:
- Re: [cobalt-security] HELP- CacheRaq4 being attacked
  - From: Dave @ The Hostworks

Prev by Date: Re: [cobalt-security] SSH sniffing
Next by Date: Re: [cobalt-security] HELP- CacheRaq4 being attacked
Previous by thread: Re: [cobalt-security] SSH sniffing
Next by thread: Re: [cobalt-security] HELP- CacheRaq4 being attacked

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index