Monday, January 13, 2003, 1:34:35 PM, [EMAIL PROTECTED] wrote:
>> I have been confused by an entry in my daily stats. Each and every day > shows >> the same number of connections from on of MY boxes, 63.237.136.17. This > box >> is used for my customers personal websites. Yet every day for over a month >> the box makes exactly 287 connections to my Imgate box. Below is a snippet >> from my logs grepping for a stmpd process associated with that IP address. >> Any thoughts. > Len already mentioned a cracked machine. That is one possibility. > Some form or application that is an open relay is another. >> Host/Domain Summary: SMTPD Connections (top 25) >> connections time conn. avg./conn. max. time host/domain >> ----------- ---------- ---------- --------- ----------- >> 287 0:00:22 0s 1s 63.237.136.17 > Was the below the whole log snippet? > There is very little from 63.237.136.17 in this log fragment. So little > that this looks like a probe. How about network managment software opening a connection and closing it to see if your server is running/answering SMTP? Do you have netsaint, nagios, etc. set up on that box to check the imgate? <snip> -- Chris Scott Host Orlando, Inc. http://www.hostorlando.com/
