We have been having problems with SMTP through our firewall lately. Going
through the logs, I have found a specific IP address associated with most
SMTP errors in the log. When I try to do a traceroute or a whois on this
IP address I get an unknown host or an unknown network. It seems to be an
unassigned IP address, one that doesn't belong to an assigned block. I
have specifically blocked this IP address and have turned on block invalid
originators (we are already blocking relays), but I don't know if these
things will stop whoever from access this port on our firewall and causing
us problems. Time will tell. My questions are, how can we track down the
user of this IP address? Is it even possible? How many unassigned blocks
exist? Any suggestions on protecting ourselves from these IP addresses?
Our firewall is IBM SecureWay Firewall 4.11 and the IP address in question
is 208.225.214.81 (just in case I was doing something wrong in looking up
the address).
Thanks,
Lee Herbst
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
