On Thursday 30 November 2000 09:18, you wrote:

> > On Wed, 29 Nov 2000, gene wrote:
> > There is an ip number that started showing up in my postfix logs
> > as trying to access my smtp server (and access was apparently
> > denied each time).  I assumed that someone was trying to use
> > my machine as a relay.  To make sure that they can't get through,
> > I blocked the ip address using ipchains.  In one day, I now
> > see over 600 failed attempts to access my computer.  Should I
> > just ignore this now that ipchains is blocking them, or is this
> > something that should worry me?
> >
> > More details:
> > ipchains message (my ip # x-ed out to protect the innocent):
> > Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1
> > 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)
> >
> > nslookup for 63.98.105.3 gives nothing.
> > traceroute ends at readersdigest-gw.customer.alter.net (157.130.210.42)
>
> You may want to ask Civileme at mandrakeuser forum if you don't get a
> response from this list concerning how to get in touch with the culprit's
> ISP. He is quite knowledgeable about those kinds of issues, among other
> things.  The Red Hat List used to have all kinds of hacked notices and
> several of their authorities were very helpful as well.
>
> Perhaps the Mandrake Folks could have a place to input problems like
> some of us have.  I know there is a Mandrake Security Group or List out
> there but I think it mostly deals with things like that wuftpd flaw.
> Why they still use it as a default ftp server on their CDs I am
> somewhat puzzled !?
>
> Wish I actually had a concrete answer
>
> William Bouterse
> Talkeetna

Well, it is nothing to write home about. Usually after a few days of 
denials, people stop trying to use the relay.  But if it is a recurring IP, 
you can check www.ARIN.com or www.ripe.com to see who it is registered to and 
drop them a line addressed to postmaster at the servicing ISP.  If that 
doesn't work, send a reject notice with that same originating address in the 
header for every one you receive.  Use iplog to pull off this stunt and let 
the kiddie flood his own mailbox.

Civileme
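
An added example, not part of the original thread: a small parser for ipchains packet-log lines like the one quoted above, tallying denied packets per source and decoding the protocol field. It relies on ipchains printing the ICMP type and code in the port positions; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Layout of an ipchains "Packet log:" entry, as in the line quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+)"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def parse_line(line):
    """Return a dict describing one log entry, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    num = int(rec["proto"])
    rec["proto"] = PROTOS.get(num, f"proto-{num}")
    if num == 1:
        # For ICMP, ipchains prints the ICMP type where the source port
        # would be and the ICMP code where the destination port would be.
        icmp_type = int(rec["sport"])
        rec["what"] = "icmp " + ICMP_TYPES.get(icmp_type, f"type-{icmp_type}")
    else:
        rec["what"] = f"{rec['proto']}/{rec['dport']}"
    return rec

def summarize(lines):
    """Count DENY/REJECT entries per (source address, traffic kind)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            counts[(rec["src"], rec["what"])] += 1
    return counts

# First line is the one from the thread; the other two are constructed samples.
SAMPLE = [
    "Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)",
    "Nov 28 23:59:09 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6794 F=0x0000 T=114 (#1)",
    "Nov 29 00:03:41 duck kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.77:4312 208.xxx.xxx.xx1:25 L=48 S=0x00 I=1201 F=0x4000 T=52 SYN (#1)",
]
if __name__ == "__main__":
    for (src, what), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src:<15}  {what}")
```

On the line from the thread this reports `icmp echo-request`: the denied packets logged there are pings (protocol 1, type 8), not SMTP connections.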
