LinuxQuestions.org
Old 12-28-2004, 04:46 PM   #1
gomez
LQ Newbie
 
Registered: Jul 2004
Location: st. louis
Distribution: RH9
Posts: 13

Rep: Reputation: 0
Hosts from your domain are attacking our server


greetings!

I received this email and I'm not really sure what they're talking about:


Quote:
I'm sending you this mail because one or more IP addresses in your domain
are currently attacking our electronic mail server with a denial of service
attack consisting of multiple, rapid attempts to send mail to randomly
generated, non-existent email addresses.

Please take action with regard to the below hosts immediately to stop this
worm or virus. This attack may be reported to the U.S. Federal Bureau of
Investigation for criminal prosecution. These hosts may also have been
blacklisted from sending mail to our server.


Anyone have any ideas on what I need to do/fix? The server it's referring to, I think, is my RH9 box...

ideas? comments? questions?
 
Old 12-28-2004, 04:56 PM   #2
denver1980
Member
 
Registered: Dec 2004
Location: Québec
Distribution: Gentoo, Kubuntu Karmic
Posts: 48

Rep: Reputation: 15
Do you have a mail server on your Linux box or did you get this E-Mail from your address that your ISP gave you?
If it came from your ISP ... delete it ... it's spam.
If you have a mail server on your Linux, look at your logs to see if you can find anything.
 
Old 12-28-2004, 04:57 PM   #3
gomez
LQ Newbie
 
Registered: Jul 2004
Location: st. louis
Distribution: RH9
Posts: 13

Original Poster
Rep: Reputation: 0
Yes, it's my own mail server. Should I be looking for attempts to the domain I received it from?
 
Old 12-28-2004, 05:13 PM   #4
denver1980
Member
 
Registered: Dec 2004
Location: Québec
Distribution: Gentoo, Kubuntu Karmic
Posts: 48

Rep: Reputation: 15
Yes.
If you have a lot of entries, try to update your version of Sendmail (I assume you use Sendmail).
I know that the version of Sendmail in the RH9 distro has some security leaks, so maybe someone is using it...

Can't help much more with technicalities cause I'm not very good with mail servers...

(edited for spell check)

Last edited by denver1980; 12-28-2004 at 05:14 PM.
 
Old 12-30-2004, 11:12 AM   #5
gomez
LQ Newbie
 
Registered: Jul 2004
Location: st. louis
Distribution: RH9
Posts: 13

Original Poster
Rep: Reputation: 0
Found it! It was a worm on one of my XP boxes. It was hijacked (and also jacked beyond fixing) so I ghosted it and all the relaying stopped.

thanks!
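
The log check suggested in the replies above, as an added example that is not part of any post in this thread: it pairs sendmail `from=` and `to=` log entries by queue ID and reports which submitting client produces mostly rejected recipients. The log lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sendmail-style maillog lines (not taken from the thread).
SAMPLE_LOG = """\
Dec 28 16:40:01 mail sendmail[2101]: iBSMe1a1002101: from=<kq@example.org>, size=2110, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.168.1.23]
Dec 28 16:40:02 mail sendmail[2103]: iBSMe1a1002101: to=<xkcjw@victim.example>, mailer=esmtp, relay=mx.victim.example. [203.0.113.5], dsn=5.1.1, stat=User unknown
Dec 28 16:40:03 mail sendmail[2104]: iBSMe3a1002104: from=<zt@example.org>, size=2098, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.168.1.23]
Dec 28 16:40:04 mail sendmail[2106]: iBSMe3a1002104: to=<pqlmz@victim.example>, mailer=esmtp, relay=mx.victim.example. [203.0.113.5], dsn=5.1.1, stat=User unknown
Dec 28 16:40:05 mail sendmail[2107]: iBSMe5a1002107: from=<bw@example.org>, size=2131, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.168.1.23]
Dec 28 16:40:06 mail sendmail[2109]: iBSMe5a1002107: to=<hhrty@victim.example>, mailer=esmtp, relay=mx.victim.example. [203.0.113.5], dsn=5.1.1, stat=User unknown
Dec 28 16:41:10 mail sendmail[2120]: iBSMfAa1002120: from=<user@example.org>, size=845, nrcpts=1, proto=ESMTP, daemon=MTA, relay=desk.example.org [192.168.1.10]
Dec 28 16:41:11 mail sendmail[2122]: iBSMfAa1002120: to=<friend@example.net>, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
"""

# Queue ID, entry kind, and the bracketed IP in relay= (hostname before it is optional).
LINE = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=<[^>]*>.*?relay=(?:\S+ )?\[([\d.]+)\]")
DSN = re.compile(r"dsn=(\d)\.")  # first digit of the status: 2 = delivered, 5 = rejected

def relay_sources(log_text):
    """Count delivered/rejected recipients per client IP that submitted the mail."""
    origin = {}  # queue ID -> IP of the client that handed the message to the MTA
    stats = defaultdict(lambda: {"delivered": 0, "rejected": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, kind, ip = m.groups()
        if kind == "from":
            origin[qid] = ip              # relay= on a from= line is the submitter
        elif qid in origin:
            d = DSN.search(line)          # relay= on a to= line is the destination
            if d and d.group(1) in "25":
                key = "rejected" if d.group(1) == "5" else "delivered"
                stats[origin[qid]][key] += 1
    return dict(stats)

def suspects(stats, min_rejected=3, min_ratio=0.8):
    """Clients whose recipients are overwhelmingly rejected (assumed thresholds)."""
    out = []
    for ip, c in stats.items():
        total = c["delivered"] + c["rejected"]
        if c["rejected"] >= min_rejected and c["rejected"] / total >= min_ratio:
            out.append(ip)
    return sorted(out)

if __name__ == "__main__":
    print(suspects(relay_sources(SAMPLE_LOG)))
```
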
 
Old 12-30-2004, 12:57 PM   #6
scowles
Member
 
Registered: Sep 2004
Location: Texas, USA
Distribution: Fedora
Posts: 620

Rep: Reputation: 30
FWIW: I configure my firewall to ONLY allow the IP address of my postfix MTA outbound SMTP connections. With this type of configuration - should a virus that installs a local MTA on a Windows box try to send its crap... it gets blocked at the firewall.

Something you might want to consider for future reference.
 
Old 01-03-2005, 12:05 PM   #7
gomez
LQ Newbie
 
Registered: Jul 2004
Location: st. louis
Distribution: RH9
Posts: 13

Original Poster
Rep: Reputation: 0
awesome! great idea!

thanks.
 
  

