Hi Mike, That's an interesting thought, but it's calling by ip address, however, I might be able to fool it with some clever routing.. I'll think about that one.
Also, to complete the picture.. It's only trying to send 'SYNC' packets.. That surely smells very suspicious.. For the time being I put Gordon's rules in ipchains and will let it run for a couple of hours. (have to go in a minute, duty calls) > Just a thought... If your NT server is doing a host lookup of > mail.btinternet.com (instead of having the IP hard coded), make an entry in > your hosts file pointing to a bogus local IP. Since NT always checks the > hosts file first for name resolution, your NT box will no longer be > "phoning home". > As a further exercise, if you use your e-smith's IP instead of a bogus IP > you might end up collecting some interesting mail from the NT box. kees -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
