Hi Guys, I have been having this problem as well. It is a SYN attack, which is a DOS (Denial Of Service) attack. It seems that the IMAIL 6.06 Web Messaging Server is susceptible to a SYN attack. I would be interested in hearing if IMAIL 7.0x is susceptible...
For those that don't know what a SYN attack is, a remote node initiates a TCP/IP conversation by sending a SYN packet. Normally, the conversation continues with the server replying, then the remote node continues the conversation, etc. In a SYN attack, the remote node sends the SYN packet and then stops responding, which basically locks up Web Messaging. If I block the IP address at our router, the problem goes away.

You can detect it a couple of ways, but the easiest is if you have multiple IP addresses on your mail server. At the command prompt, type:

    C:> netstat -a -n

Likely you will see many, many lines, but should be able to see:

    TCP xxx.xxx.xxx.xxx:80 yyy.yyy.yyy.yyy:nnn SYN_RECEIVED

xxx.xxx.xxx.xxx represents one of your IP Addresses and the :80 means port 80 (your web port). yyy.yyy.yyy.yyy:nnn represents the IP Address of the remote node and the :nnn is the port they used. The SYN_RECEIVED is the socket state.

If you have multiple IP Addresses, you will likely see several of your IP addresses in the SYN_RECEIVED state. Type the "netstat -a -n" command two or three times. If you see the same sets of addresses in the SYN_RECEIVED state over and over, then you have been attacked.

Mike

----- Original Message -----
From: "Sunkist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 05, 2002 8:00 PM
Subject: Re: [IMail Forum] Web Messaging going nuts

We are having this same problem as well... The initial login page works, then doesn't. Then reload it works, then it doesn't.. I too suspect some code red type problem. We are running an Imail dedicated machine, no IIS.

Win 2K, 1GB Ram, Dual Pentium CPU, Imail 7.05 HF2

Sunkist

----- Original Message -----
From: "Jeff Kratka" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 05, 2002 3:49 PM
Subject: [IMail Forum] Web Messaging going nuts

> Hi,
>
> Over the past couple of days my web messaging service has been going up and
> down. I have checked into the logs and don't see anything abnormal. It looks
> like the Code Red type of problem but again I can't see anything in the
> logs.
>
> Running AMD 600, Win2k AS, 256RAM, Imail v6.06
>
> Suggestions?
>
>
> Jeff
> ******************************************************************
> TymeWyse Internet
> P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417
> tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
> ******************************************************************
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
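The repeated "netstat -a -n" check described in Mike's message above, as an added example that is not part of the original thread: it parses several netstat runs and reports remote addresses that stay in SYN_RECEIVED on port 80 across runs. The function names, the min_runs threshold and the sample output are assumptions constructed for illustration.

```python
import re
from collections import Counter

# One TCP row of Windows `netstat -a -n`: Proto, Local, Foreign, State.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

# Constructed sample data: three runs of `netstat -a -n` taken some time apart.
# All addresses are from the reserved documentation ranges.
SNAPSHOTS = [
    """  Proto  Local Address     Foreign Address      State
  TCP    192.0.2.10:80     0.0.0.0:0            LISTENING
  TCP    192.0.2.10:80     203.0.113.7:1042     SYN_RECEIVED
  TCP    192.0.2.11:80     203.0.113.7:1043     SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.23:3310   SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.40:2201   ESTABLISHED""",
    """  TCP    192.0.2.10:80     203.0.113.7:1050     SYN_RECEIVED
  TCP    192.0.2.11:80     203.0.113.7:1051     SYN_RECEIVED
  TCP    192.0.2.10:25     203.0.113.7:1060     SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.23:3310   ESTABLISHED""",
    """  TCP    192.0.2.10:80     203.0.113.7:1066     SYN_RECEIVED
  TCP    192.0.2.10:80     198.51.100.99:4000   SYN_RECEIVED""",
]

def half_open(snapshot, port=80):
    """(local_ip, remote_ip) pairs sitting in SYN_RECEIVED on the given local port."""
    pairs = set()
    for line in snapshot.splitlines():
        m = ROW.match(line)
        if m and m.group(5) == "SYN_RECEIVED" and int(m.group(2)) == port:
            pairs.add((m.group(1), m.group(3)))
    return pairs

def persistent_sources(snapshots, port=80, min_runs=2):
    """Remote IPs half-open in at least min_runs snapshots, with the local IPs hit.

    A normal handshake leaves SYN_RECEIVED almost immediately, so a client that
    is merely slow shows up once; a source that recurs run after run is suspect.
    """
    runs, targets = Counter(), {}
    for snap in snapshots:
        pairs = half_open(snap, port)
        runs.update({remote for _, remote in pairs})  # count each source once per run
        for local, remote in pairs:
            targets.setdefault(remote, set()).add(local)
    return {r: sorted(targets[r]) for r, n in runs.items() if n >= min_runs}

if __name__ == "__main__":
    for remote, locals_hit in persistent_sources(SNAPSHOTS).items():
        print(f"{remote} repeatedly half-open against {', '.join(locals_hit)}")
```

The remote port is ignored when matching across runs because it changes with every new connection attempt from the same source.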
