On Mon, 7 Nov 2005 08:34:42 +0300 "Alexei Korobkin" <[EMAIL PROTECTED]> wrote:
> Dear James, > > Sun, 6 Nov 2005 15:38:16 -0700, James Lay -> Ntop: > > JL> So here it is: > JL> **WARNING** Unknown protocol (no FTP/SMTP) detected (trojan?) at > JL> port 25 slave-tothe-box.net:47318 -> cutechinchillas.com:25 > JL> [220-server.acsn1.com ESMTP Exim 4.52 #1 Sun, 06 Nov 2005 17:21:20 > JL> -0500 ^M 220-We do not authorize the use of this system to > JL> transport unsolicited, ^M 220 and/or bulk e-mail.^M ] > JL> Any thoughts on this? Thanks! > > Where did you get this messages? What is this host and how is it > related with ntop? > > -- > With best regards, Alexei Korobkin. The host slave-tothe-box.net is this host here running postfix. An internal machine here had sent en email to cutechinchillas.com, but it looked like either the user was unknown, or that cutechinchillas.com thought it was trying to be used as a relay. This is related to ntop as it is running with -q and -L so I can see funky packets. My question is why did ntop tag this as Unknown protocol? Does that help? Thanks! James _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
