On Sun, 25 Mar 2001, Carrie Bartkowiak wrote:
> > When I use Netstat -a to see what's happening on my box i keep
> seeing this
> > user on my smtp port.
> > tcp 0 0 128.242.221.53:smtp 213.201.148.18:62702
> > TIME_WAIT
>
> After you added him to your hosts.deny file, did you try turning off
> email so that he'd be disconnected, then turning it back on?
> You might also want to check your email parameters and make sure this
> IP isn't allowed to send out mail; could be that he's hooked up to you
> and using you for a spam machine. (Make sure that he's listed in the
> GUI for not being able to connect also.) How recently have you done a
> check to see if you've been haqd?
I'd restart inetd too, to load all network services back up again. IIRC
(correct me if I'm off-base anyone please) restarting inetd will make the
sytem go look at hosts.allow and deny and reload 'em.
Regards,
-Colin
--
Colin J. Raven
Linux Registered User #82296
Sun Mar 25 11:12:01 EST 2001
11:12am up 25 days, 15:43, 1 user, load average: 0.01, 0.02, 0.00
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
