This morning from 10:45 to about 11:20 my log recorded about 2400
messages similar to these
11:17:09 1 PWD(tcp) Disconnect seq=43837: removed from the queue[10]. 10/11
11:17:09 1 PWD(tcp) Disconnect seq=43838: removed from the queue[10]. 10/11
11:17:10 1 SMTP(tcp) Disconnect seq=77825: removed from the queue[15]. 15/0
11:17:11 1 SMTP(tcp) Disconnect seq=77835: removed from the queue[0]. 0/1
11:17:11 3 PWD-343([129.15.12.141]) Abort Received, reason=60
11:17:11 3 PWD-343([129.15.12.141]) Reading Failed. Error Code=-25010. Read:
11:17:13 1 PWD(tcp) Disconnect seq=43867: removed from the queue[10]. 10/11
11:17:13 3 POP-610([129.15.12.141]) Abort Received, reason=60
11:17:13 3 POP-610([129.15.12.141]) Reading Failed. Error Code=-25010. Read:
11:17:13 1 PWD(tcp) Disconnect seq=43871: removed from the queue[10]. 10/11
11:17:15 1 POP(tcp) Disconnect seq=219712: removed from the queue[8]. 8/9
11:17:16 1 POP(tcp) Disconnect seq=219720: removed from the queue[8]. 8/9
11:17:17 3 POP-611([129.15.12.141]) Abort Received, reason=60
11:17:17 3 POP-611([129.15.12.141]) Reading Failed. Error Code=-25010. Read:
11:17:17 1 SMTP(tcp) Disconnect seq=77887: removed from the queue[0]. 0/1
11:17:17 1 POP(tcp) Disconnect seq=219729: removed from the queue[9]. 9/10
11:17:18 1 POP(tcp) Disconnect seq=219730: removed from the queue[9]. 9/10
Several other local machines besides 141 were buried in the sea of
Disconnect seq=
messages. 141 is a router, others are printers.
Is this an example of a DOS attack with spoofed addresses, or is
there some more benign explanation? It went away and has stayed away.
I did not see it in progress so I could not change the logging level
to get more info.
--
--
[EMAIL PROTECTED]
Department of Chemistry and Biochemistry, University of Oklahoma,
Norman Campus. Norman Oklahoma 73019-0370
(405) 325-7571 (405) 325-2843 fax (405) 325-6111
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
