
RE: [cobalt-security] HELP- CacheRaq4 being attacked



It might be a squid problem. We had a Qube 3 with squid (Web caching on) and it
was used as a method for spammers to relay their mail because of a bug. Once we
turned it off, that traffic stopped. Sun came out with a security patch to fix
it. The problem is now fixed. We have it on. I don't know about the Raq
Cache 4.

Do you have the Raq4 Cache on the DMZ port of the SonicWall? If so, what
model do you have?

-Randy

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Dave @ The
Hostworks
Sent: Monday, April 07, 2003 7:59 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] HELP- CacheRaq4 being attacked


Are you sure the traffic is generated by smtp?

An aggressive spammer can actually send out mass messages, cloaking your
hostname, so in return, you get the undeliverable messages... even if it was
sent from some other server, and some other idiot spammer.


----- Original Message -----
From: "Dawn D. Pfaltzgraff" <ddpfz@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, April 07, 2003 10:33 AM
Subject: [cobalt-security] HELP- CacheRaq4 being attacked


> Over the past couple of days I have noticed the traffic for a CacheRaq4 at
> one of our schools is seeing an INSANE amount of traffic. Also the
> administrator there keeps receiving a whole bunch of returned mail
> (vulnerable SMTP, seems to be "undeliverable" spam). So anybody got any
> ideas? It's behind a Sonic Wall and the following ports are the only ones
> that appear to be open: netbios (137,138), telnet and squid (SMTP is
> opened). Now I have also noticed that every time a "Squid child" starts up
> it exits on "signal 6". I'm not sure where to start on this one; if
> anyone has any suggestions, please let me know. As for updates, the box
> has been updated with the Cobalt updates and nothing else. Other than
> that... it's straight out of the box. Is squid a problem or something?
>
> Thanks,
> Dawn
>
>
> Dawn D. Pfaltzgraff
> System Administrator
> Premier Systems -plains.net
> ddpfz@xxxxxxxxxx
> (970-848-0475)
>
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

