LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Does anyone know what these people are trying to do?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-25-2014, 12:01 AM   #1
baldur2630
Member
 
Registered: Jan 2007
Location: Belgium
Distribution: CentOS & Ubuntu
Posts: 173

Rep: Reputation: 22
Does anyone know what these people are trying to do?

I check my mail logs every day and I'm constantly 'under attack(?)' by ebay.

After stripping out all the genuine messages and just leaving the offending ones I get the following : -

Code:
00:09:14 365 DMN: MSG 956 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
00:09:14 365 DMN: MSG 956 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
00:43:09 365 DMN: MSG 960 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
00:43:09 365 DMN: MSG 960 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
01:08:56 365 DMN: MSG 962 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
01:08:56 365 DMN: MSG 962 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
01:29:01 365 DMN: MSG 966 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
01:29:01 365 DMN: MSG 966 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
01:52:04 365 DMN: MSG 969 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
01:52:04 365 DMN: MSG 969 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
02:12:57 365 DMN: MSG 974 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
02:12:57 365 DMN: MSG 974 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
02:59:01 365 DMN: MSG 978 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
02:59:01 365 DMN: MSG 978 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
03:26:30 36B DMN: MSG 986 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
03:26:30 36B DMN: MSG 986 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
03:55:30 365 DMN: MSG 990 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
03:55:30 365 DMN: MSG 990 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
04:16:37 365 DMN: MSG 1002 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
04:16:37 365 DMN: MSG 1002 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
04:32:30 365 DMN: MSG 1005 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
04:32:30 365 DMN: MSG 1005 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
04:54:01 36B DMN: MSG 1014 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
04:54:01 36B DMN: MSG 1014 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
05:12:28 365 DMN: MSG 1022 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
05:12:28 365 DMN: MSG 1022 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
05:33:00 365 DMN: MSG 1024 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
05:33:00 365 DMN: MSG 1024 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
05:59:33 365 DMN: MSG 1028 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
05:59:33 365 DMN: MSG 1028 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
006:27:04 365 DMN: MSG 1031 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
06:27:04 365 DMN: MSG 1031 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
06:57:37 365 DMN: MSG 1036 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
06:57:37 365 DMN: MSG 1036 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
07:10:16 365 DMN: MSG 1038 Accepted connection: [66.211.184.92] (mxphxpool1026.ebay.com)
07:10:16 365 DMN: MSG 1038 SMTP session ended: [66.211.184.92] (mxphxpool1026.ebay.com)
07:10:23 36B DMN: MSG 1039 Accepted connection: [66.135.215.85] (mxslcpool19.ebay.com)
07:10:23 36B DMN: MSG 1039 SMTP session ended: [66.135.215.85] (mxslcpool19.ebay.com)
07:11:01 370 DMN: MSG 1040 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
07:11:01 370 DMN: MSG 1040 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
07:29:47 36B DMN: MSG 1050 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
07:29:47 36B DMN: MSG 1050 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
07:32:03 36B DMN: MSG 1051 Accepted connection: [66.211.185.157] (mxphxpool1054.ebay.com)
07:32:03 36B DMN: MSG 1051 SMTP session ended: [66.211.185.157] (mxphxpool1054.ebay.com)
07:44:32 36B DMN: MSG 1054 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
07:44:32 36B DMN: MSG 1054 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
07:49:16 36B DMN: MSG 1057 Accepted connection: [66.135.215.94] (mxslcpool28.ebay.com)
07:49:16 36B DMN: MSG 1057 SMTP session ended: [66.135.215.94] (mxslcpool28.ebay.com)
07:54:43 36B DMN: MSG 1063 Accepted connection: [66.211.161.37] (mxphxpool37.ebay.com)
07:54:43 36B DMN: MSG 1063 SMTP session ended: [66.211.161.37] (mxphxpool37.ebay.com)
07:55:44 370 DMN: MSG 1064 Accepted connection: [66.211.184.119] (mxphxpool2024.ebay.com)
07:58:40 36B DMN: MSG 1067 Accepted connection: [66.135.215.103] (mxslcpool37.ebay.com)
07:58:40 36B DMN: MSG 1067 SMTP session ended: [66.135.215.103] (mxslcpool37.ebay.com)
07:59:24 370 DMN: MSG 1068 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
07:59:24 370 DMN: MSG 1068 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
08:00:09 36B DMN: MSG 1070 Accepted connection: [66.211.184.70] (mxphxpool1004.ebay.com)
08:00:09 36B DMN: MSG 1070 SMTP session ended: [66.211.184.70] (mxphxpool1004.ebay.com)
08:01:15 370 DMN: MSG 1071 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
08:01:15 370 DMN: MSG 1071 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
08:02:11 36B DMN: MSG 1072 Accepted connection: [66.211.161.28] (mxphxpool28.ebay.com)
08:12:30 36B DMN: MSG 1079 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
08:12:30 36B DMN: MSG 1079 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
08:27:41 36B DMN: MSG 1080 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
08:27:41 36B DMN: MSG 1080 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
08:34:12 36B DMN: MSG 1081 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
08:34:12 36B DMN: MSG 1081 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
08:41:28 370 DMN: MSG 1084 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
08:41:28 370 DMN: MSG 1084 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
08:49:32 370 DMN: MSG 1086 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
08:49:32 370 DMN: MSG 1086 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
08:57:28 370 DMN: MSG 1087 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
08:57:28 370 DMN: MSG 1087 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
09:03:24 370 DMN: MSG 1090 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
09:03:24 370 DMN: MSG 1090 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
09:12:27 370 DMN: MSG 1092 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
09:12:27 370 DMN: MSG 1092 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
09:27:29 370 DMN: MSG 1093 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
09:27:29 370 DMN: MSG 1093 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
09:36:03 370 DMN: MSG 1094 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
09:36:03 370 DMN: MSG 1094 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
09:41:17 370 DMN: MSG 1095 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
09:41:17 370 DMN: MSG 1095 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
09:49:23 370 DMN: MSG 1097 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
09:49:23 370 DMN: MSG 1097 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
09:58:20 370 DMN: MSG 1104 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
09:58:20 370 DMN: MSG 1104 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
10:03:54 370 DMN: MSG 1107 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
10:03:54 370 DMN: MSG 1107 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
10:13:29 370 DMN: MSG 1110 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
10:13:29 370 DMN: MSG 1110 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
10:28:46 370 DMN: MSG 1112 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
10:28:46 370 DMN: MSG 1112 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
10:36:59 370 DMN: MSG 1118 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
10:36:59 370 DMN: MSG 1118 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
10:43:12 370 DMN: MSG 1119 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
10:43:12 370 DMN: MSG 1119 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
10:58:18 36B DMN: MSG 1126 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
10:58:18 36B DMN: MSG 1126 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
11:08:59 36B DMN: MSG 1131 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
11:08:59 36B DMN: MSG 1131 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
11:13:14 36B DMN: MSG 1132 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
11:13:14 36B DMN: MSG 1132 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
111:29:05 36B DMN: MSG 1137 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
11:29:05 36B DMN: MSG 1137 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
11:37:16 36B DMN: MSG 1139 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
11:37:16 36B DMN: MSG 1139 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
11:43:11 370 DMN: MSG 1142 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
11:43:11 370 DMN: MSG 1142 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
11:58:50 365 DMN: MSG 1150 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
11:58:50 365 DMN: MSG 1150 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
12:07:14 365 DMN: MSG 1153 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
12:07:14 365 DMN: MSG 1153 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
12:12:41 365 DMN: MSG 1155 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
12:12:41 365 DMN: MSG 1155 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
12:22:48 365 DMN: MSG 1156 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
12:22:48 365 DMN: MSG 1156 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
12:25:58 365 DMN: MSG 1157 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
12:25:58 365 DMN: MSG 1157 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
12:37:43 365 DMN: MSG 1158 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
12:37:43 365 DMN: MSG 1158 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
12:40:41 365 DMN: MSG 1159 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
12:40:41 365 DMN: MSG 1159 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
12:56:41 365 DMN: MSG 1160 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
12:56:41 365 DMN: MSG 1160 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
113:07:09 365 DMN: MSG 1162 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
13:07:09 365 DMN: MSG 1162 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
13:10:43 365 DMN: MSG 1163 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
13:10:43 365 DMN: MSG 1163 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
113:26:26 365 DMN: MSG 1168 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
13:26:26 365 DMN: MSG 1168 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
13:36:20 365 DMN: MSG 1169 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
13:36:20 365 DMN: MSG 1169 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
13:40:45 36B DMN: MSG 1172 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
13:40:45 36B DMN: MSG 1172 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
1313:53:40 36B DMN: MSG 1180 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
13:53:40 36B DMN: MSG 1180 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
114:05:22 36B DMN: MSG 1184 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
14:05:22 36B DMN: MSG 1184 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
14:11:15 36B DMN: MSG 1186 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
14:11:15 36B DMN: MSG 1186 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
14:25:51 36B DMN: MSG 1187 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
14:25:51 36B DMN: MSG 1187 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
14:33:17 36B DMN: MSG 1191 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
14:33:17 36B DMN: MSG 1191 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
14:40:44 36B DMN: MSG 1192 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
14:40:44 36B DMN: MSG 1192 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
14:55:56 370 DMN: MSG 1197 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
14:55:56 370 DMN: MSG 1197 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
14:56:00 36B DMN: MSG 1198 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
14:56:00 36B DMN: MSG 1198 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
15:10:56 36B DMN: MSG 1200 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
15:10:56 36B DMN: MSG 1200 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
15:11:46 370 DMN: MSG 1201 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
15:11:46 370 DMN: MSG 1201 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
15:25:54 370 DMN: MSG 1205 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
15:25:54 370 DMN: MSG 1205 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
15:26:43 36B DMN: MSG 1206 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
15:26:43 36B DMN: MSG 1206 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
15:40:50 36B DMN: MSG 1211 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
15:40:50 36B DMN: MSG 1211 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
15:41:44 370 DMN: MSG 1212 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
15:41:44 370 DMN: MSG 1212 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
15:55:52 370 DMN: MSG 1213 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
15:55:52 370 DMN: MSG 1213 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
15:57:19 370 DMN: MSG 1216 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
15:57:19 370 DMN: MSG 1216 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
16:10:25 36B DMN: MSG 1218 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
16:10:25 36B DMN: MSG 1218 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
16:11:53 36B DMN: MSG 1219 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
16:11:53 36B DMN: MSG 1219 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
16:26:07 36B DMN: MSG 1222 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
16:26:07 36B DMN: MSG 1222 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
16:27:55 36B DMN: MSG 1223 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
16:27:55 36B DMN: MSG 1223 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
16:39:45 36B DMN: MSG 1225 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
16:39:45 36B DMN: MSG 1225 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
16:43:01 36B DMN: MSG 1226 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
16:43:01 36B DMN: MSG 1226 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
16:54:50 36B DMN: MSG 1227 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
16:54:50 36B DMN: MSG 1227 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
16:58:09 36B DMN: MSG 1229 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
16:58:09 36B DMN: MSG 1229 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
17:09:41 36B DMN: MSG 1230 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
17:09:41 36B DMN: MSG 1230 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
17:13:02 36B DMN: MSG 1232 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
17:13:02 36B DMN: MSG 1232 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
17:24:34 36B DMN: MSG 1235 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
17:24:34 36B DMN: MSG 1235 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
17:27:55 36B DMN: MSG 1236 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
17:27:55 36B DMN: MSG 1236 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
17:39:28 36B DMN: MSG 1239 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
17:39:28 36B DMN: MSG 1239 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
17:47:13 36B DMN: MSG 1243 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
17:47:13 36B DMN: MSG 1243 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
17:54:39 36B DMN: MSG 1244 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
17:54:39 36B DMN: MSG 1244 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
18:01:00 370 DMN: MSG 1248 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
18:01:00 370 DMN: MSG 1248 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
18:13:31 36B DMN: MSG 1251 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
18:13:31 36B DMN: MSG 1251 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
18:28:30 36B DMN: MSG 1252 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
18:28:30 36B DMN: MSG 1252 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
18:32:01 36B DMN: MSG 1253 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
18:32:01 36B DMN: MSG 1253 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
18:43:26 370 DMN: MSG 1257 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
18:43:26 370 DMN: MSG 1257 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
18:45:02 370 DMN: MSG 1259 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
18:45:02 370 DMN: MSG 1259 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
18:58:26 370 DMN: MSG 1261 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
18:58:26 370 DMN: MSG 1261 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
19:13:29 370 DMN: MSG 1267 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
19:13:29 370 DMN: MSG 1267 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
19:15:15 36B DMN: MSG 1269 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
19:15:15 36B DMN: MSG 1269 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
19:28:22 36B DMN: MSG 1275 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
19:28:22 36B DMN: MSG 1275 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
19:43:32 36B DMN: MSG 1279 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
19:43:32 36B DMN: MSG 1279 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
19:45:06 36B DMN: MSG 1280 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
19:45:06 36B DMN: MSG 1280 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
19:58:20 36B DMN: MSG 1281 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
19:58:20 36B DMN: MSG 1281 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
20:15:25 370 DMN: MSG 1285 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
20:15:25 370 DMN: MSG 1285 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
20:16:33 36B DMN: MSG 1286 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
20:16:33 36B DMN: MSG 1286 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
20:43:51 36B DMN: MSG 1292 Accepted connection: [66.211.185.147] (mxphxpool1044.ebay.com)
20:43:51 36B DMN: MSG 1292 SMTP session ended: [66.211.185.147] (mxphxpool1044.ebay.com)
20:46:19 36B DMN: MSG 1295 Accepted connection: [66.211.185.184] (mxphxpool1081.ebay.com)
20:46:19 36B DMN: MSG 1295 SMTP session ended: [66.211.185.184] (mxphxpool1081.ebay.com)
This is going on almost daily for several months now. The only way I can stop it, is to block the offending IP Addresses on the Firewall.

So far I've blocked the following ebay addresses : -

Code:
66.211.161.122
66.211.184.70
66.211.184.72
66.211.184.75
66.211.184.76
66.211.184.78
66.211.184.80
66.211.184.83
66.211.184.84
66.211.184.86
66.211.184.89
66.211.184.90
66.211.184.91
66.211.184.93
66.211.185.133
66.211.185.135
66.211.185.139
66.211.185.143
66.211.185.144
66.211.185.145
66.211.185.145
66.211.185.147
66.211.185.149
66.211.185.150
66.211.185.151
66.211.185.157
66.211.185.159
66.211.185.160
66.211.185.161
66.211.185.162
66.211.185.163
66.211.185.164
66.211.185.166
66.211.185.167
66.211.185.171
66.211.185.173
66.211.185.175
66.211.185.175
66.211.185.178
66.211.185.183
66.211.185.184
66.211.185.186
66.211.185.188
66.211.185.189
66.211.185.191
66.211.185.192
66.211.206.7
Can anyone tell me what these people are trying to do, There is no message, just a connection and then it's dropped. Are they trying to hack my computer, guess passwords, send spam or what? Has anyone else got this kind of behaviour?
Last edited by unSpawn; 05-25-2014 at 04:44 AM. Reason: //Encapsulate w code tags
 
Old 05-25-2014, 02:09 AM   #2
GaWdLy
Member
 
Registered: Feb 2013
Location: San Jose, CA
Distribution: RHEL/CentOS/Fedora
Posts: 457

Rep: Reputation: Disabled
Maybe someone has typo'd an IP address and they are hitting you on accident? If you recently got the IP address, perhaps it was an old eBay IP for one of their mail servers?

Unless you see other suspicious behavior, I'd consider it pretty benign (but sloppy, and annoying).

I'd reach out to eBay with our findings. I'm sure they would take your complaint seriously (especially if of ask them why they're trying to hack you).

If you want to put an end to the behavior, however, just us together a tcp wrapper rule to deny connections from their domain. Smtp should respond to tcp wrappers.

http://codeidol.com/unix/linux-troub...ocal-Services/
 
Old 05-25-2014, 05:54 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Quote:
Originally Posted by baldur2630 View Post
I check my mail logs every day and I'm constantly 'under attack(?)' by ebay.
Are you running an MTA (authoritative for a domain?) that eBay should try and deliver to in the first place?


Quote:
Originally Posted by baldur2630 View Post
So far I've blocked the following ebay addresses
You only need one rule for these eBay SMTP connections:
Code:
/sbin/iptables -t raw -A PREROUTING -p tcp -s 66.211.160.0/19 --dport 25 -m conntrack --ctstate NEW -j DROP
*BTW the last IP address in your list isn't eBay.
**BTW[1]: don't use tcp_wrappers.
 
Old 06-18-2014, 06:33 AM   #4
canussie
Member
 
Registered: Jun 2014
Location: Calgary
Posts: 50

Rep: Reputation: 7
Which mail server are you running ? You might want to check that you are not running an open relay....
 
Old 06-18-2014, 06:43 AM   #5
baldur2630
Member
 
Registered: Jan 2007
Location: Belgium
Distribution: CentOS & Ubuntu
Posts: 173

Original Poster
Rep: Reputation: 22
GroupWise - definitely NOT an open relay!!! How can I be sure, I hear you ask. Simple answer, I used to work for Novell EMEA Support (NDS & GroupWise).

I tried complaining to ebay, - as expected they ignored me, as did the a*********a from ConstantContact.
 
Old 06-18-2014, 03:39 PM   #6
derive
Member
 
Registered: Apr 2014
Distribution: debian
Posts: 42

Rep: Reputation: Disabled
Firewalling them out is just the ignorance as they do to you... can you give us your IP, or in private?
 
Old 06-19-2014, 12:11 AM   #7
baldur2630
Member
 
Registered: Jan 2007
Location: Belgium
Distribution: CentOS & Ubuntu
Posts: 173

Original Poster
Rep: Reputation: 22
In private. I'm not sure how many spammers / hackers visit this forum to get information to help them in their evil ways!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How can I get people to use Linux? I'm bad at converting people over. Mr. Hill Linux - Newbie 50 07-11-2020 10:41 AM
Hello people!! hugohome LinuxQuestions.org Member Intro 1 07-14-2010 11:04 AM
Hello people vathsan LinuxQuestions.org Member Intro 1 05-13-2008 04:29 AM
Sup people. Darren_sd LinuxQuestions.org Member Intro 1 08-18-2007 03:50 PM
how you doing people happypenguin LinuxQuestions.org Member Intro 4 08-26-2003 02:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:45 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration