Re: [cobalt-users] HELP Spam attack
- Subject: Re: [cobalt-users] HELP Spam attack
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Mon Dec 9 09:02:01 2002
- Organization: ECSIS.NET
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Monday 09 December 2002 10:12 am, Dawn D. Pfaltzgraff wrote:
> Does it have to be someone inside our network? How can
> I track this down. Please let me know what other info I might have that
> could be helpful.
Dawn,
No, but it appears to be from your network:
<QUOTE>
Dec 9 07:42:03 sage sendmail[7666]: gethostbyaddr(206.168.65.251) failed: 1
Dec 9 07:42:03 sage sendmail[7666]: gethostbyaddr(206.168.65.250) failed: 1
Dec 9 07:42:03 sage sendmail[7666]: HAA07666: from=admin, size=15963,
class=0, pri=615963, nrcpts=20,
msgid=<200212091442.HAA07666@xxxxxxxxxxxxxxx>, relay=admin@localhost
</QUOTE>
It appears that 206.168.65.1 has a "name" - great.plains.net - BUT - that
none of your other IP addresses in this block (206.168.65.0/24) have been
assigned DNS names. While the combination of the various logs is required to
really tell what is happening (auth, secure, maillog), it appears that
either IP 206.168.65.250 or IP 206.168.65.251 is sending the mail - which
also appears to be your IP range (e.g. in-house)...
--
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
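
An added example (not part of the original message): a small Python triage script that groups the quoted maillog lines by sendmail PID, so the gethostbyaddr failures and the queue entry can be read together, and checks each address against the 206.168.65.0/24 block named above. The function name, the "bulk" recipient threshold and the rejoining of the wrapped log entry are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Log lines quoted in the message above; the wrapped entry is rejoined onto
# one line and the msgid stays masked exactly as the archive shows it.
MAILLOG = """\
Dec 9 07:42:03 sage sendmail[7666]: gethostbyaddr(206.168.65.251) failed: 1
Dec 9 07:42:03 sage sendmail[7666]: gethostbyaddr(206.168.65.250) failed: 1
Dec 9 07:42:03 sage sendmail[7666]: HAA07666: from=admin, size=15963, class=0, pri=615963, nrcpts=20, msgid=<200212091442.HAA07666@xxxxxxxxxxxxxxx>, relay=admin@localhost
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) sendmail\[(\d+)\]: (.*)$")
RDNS_FAIL = re.compile(r"^gethostbyaddr\(([\d.]+)\) failed")
QUEUE = re.compile(r"^(\w+): (from=.*)$")


def summarize(log_text, local_net="206.168.65.0/24", bulk_threshold=10):
    """Group sendmail entries by PID (bulk_threshold is an assumed cut-off)."""
    net = ipaddress.ip_network(local_net)
    by_pid = defaultdict(lambda: {"rdns_failed": [], "messages": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a sendmail syslog line
        _ts, _host, pid, body = m.groups()
        entry = by_pid[int(pid)]
        fail = RDNS_FAIL.match(body)
        if fail:
            # Address with no reverse DNS; note whether it is in our block.
            ip = ipaddress.ip_address(fail.group(1))
            entry["rdns_failed"].append({"ip": str(ip), "in_local_net": ip in net})
            continue
        q = QUEUE.match(body)
        if q:
            # Queue entry: split "key=value, key=value" into a dict.
            pairs = (kv.split("=", 1) for kv in q.group(2).split(", ") if "=" in kv)
            fields = dict(pairs)
            fields["queue_id"] = q.group(1)
            fields["bulk"] = int(fields.get("nrcpts", 0)) >= bulk_threshold
            fields["local_submission"] = fields.get("relay", "").endswith("@localhost")
            entry["messages"].append(fields)
    return dict(by_pid)


if __name__ == "__main__":
    for pid, info in summarize(MAILLOG).items():
        print(pid, info)
```

The same PID key can then be searched for in the auth and secure logs mentioned above to see which login or process was active at 07:42:03.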