[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] HELP- CacheRaq4 being attacked
- Subject: Re: [cobalt-security] HELP- CacheRaq4 being attacked
- From: "Dave @ The Hostworks" <dave@xxxxxxxxxxxxxxxx>
- Date: Mon, 7 Apr 2003 10:59:03 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Are you sure the traffic is generated by smtp?
A aggressive spammer can actually send out mass messages, and cloaking your
hostname, so in return, you get the undeliverable messages... Even if it was
sent from some other server, and some other idiot spammer.
----- Original Message -----
From: "Dawn D. Pfaltzgraff" <ddpfz@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, April 07, 2003 10:33 AM
Subject: [cobalt-security] HELP- CacheRaq4 being attacked
> Over the past couple of days have noticed the traffic for a CacheRaq4 at
> one of our schools is seeing an INSANE amount of traffic. Also the
> administrator there keeps receiving a whole bunch of mail returned mail.
> (vulnerable SMTP, seems to be "undeliverable" spam). So anybody got any
> ideas? It's behind a Sonic Wall and the following ports are the only ones
> that appear to be open, netbios (137,138), telnet and squid (SMTP is
> opened). Now I have also noticed that everytime a "Squid child" starts up
> it exits on "signal 6". I'm not sure where to start on this one, if
> anyone has any suggestions, please let me know. As for updates, the box
> has been updated with the Cobalt updates and nothing else. Other than
> that... it's straight out of the box. Is squid a problem or something?
>
> Thanks,
> Dawn
>
>
> Dawn D. Pfaltzgraff
> System Administrator
> Premier Systems -plains.net
> ddpfz@xxxxxxxxxx
> (970-848-0475)
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>