On Wed, 29 Nov 2000, gene wrote:

> There is an ip number that started showing up in my postfix logs
> as trying to access my smtp server (and access was apparently
> denied each time). I assumed that someone was trying to use
> my machine as a relay. To make sure that they can't get through,
> I blocked the ip address using ipchains. In one day, I now
> see over 600 failed attempts to access my computer. Should I
> just ignore this now that ipchains is blocking them, or is this
> something that should worry me.
>
> More details:
> ipchains message (my ip # x-ed out to protect the innocent):
> Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1
> 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)
>
> nslookup for 63.98.105.3 gives nothing.
> traceroute ends at readersdigest-gw.customer.alter.net (157.130.210.42)
>

You may want to ask Civileme at mandrakeuser forum if you don't get a response from this list concerning how to get in touch with the culprit's ISP. He is quite knowledgeable about those kinds of issues, among other things. The Red Hat List used to have all kinds of hacked notices and several of their authorities were very helpful as well. Perhaps the Mandrake Folks could have a place to input problems like some of us have. I know there is a Mandrake Security Group or List out there but I think it mostly deals with things like that wuftpd flaw. Why they still use it as a default ftp server on their CDs I am somewhat puzzled !?

Wish I actually had a concrete answer

William Bouterse
Talkeetna
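An added example, not part of the original thread: a small Python parser for the ipchains packet-log format quoted above. It decodes the protocol number and, for ICMP, reads the two port positions as ICMP type and code, then counts denied packets per source. The regular expression, the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# ipchains "Packet log" layout:
#   chain action iface PROTO=n src:port dst:port L= S= I= F= T= (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.x]+):(?P<dport>\d+) L=(?P<length>\d+).*?T=(?P<ttl>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    first, second = int(m["sport"]), int(m["dport"])
    if proto == 1:
        # For ICMP the "port" positions carry the ICMP type and code.
        detail = f"type={ICMP_TYPES.get(first, first)} code={second}"
    else:
        detail = f"sport={first} dport={second}"
    return {"action": m["action"], "iface": m["iface"], "src": m["src"],
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "detail": detail, "ttl": int(m["ttl"])}

def summarize(lines):
    """Count dropped packets per (source, protocol, detail)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            counts[(rec["src"], rec["proto"], rec["detail"])] += 1
    return counts

SAMPLE = [
    # Line quoted in the post, joined onto one line as syslog writes it.
    "Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)",
    # Constructed lines: a repeat of the above and a TCP attempt to port 25.
    "Nov 28 23:59:09 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6801 F=0x0000 T=114 (#1)",
    "Nov 28 23:58:40 duck kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.10:1042 208.xxx.xxx.xx1:25 L=60 S=0x00 I=5120 F=0x4000 T=52 SYN (#1)",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
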
