From owner-freebsd-security  Mon Jul 13 16:41:23 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA06005
          for freebsd-security-outgoing; Mon, 13 Jul 1998 16:41:23 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from goliath.camtech.net.au (goliath.camtech.net.au [203.5.73.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA05994
          for <freebsd-security@FreeBSD.ORG>; Mon, 13 Jul 1998 16:41:20 -0700 (PDT)
          (envelope-from newton@camtech.com.au)
Received: from sebastion.sa.camtech.com.au (sebastion.sa.camtech.com.au [203.28.3.2]) by goliath.camtech.net.au (8.8.5/8.8.2) with ESMTP id JAA29359; Tue, 14 Jul 1998 09:10:41 +0930 (CST)
Received: (from smtp@localhost) by sebastion.sa.camtech.com.au (8.8.5/8.8.7) id JAA20894; Tue, 14 Jul 1998 09:10:42 +0930 (CST)
Received: from slingshot(192.168.1.2) by sebastion via smap (V2.0)
	id xma020884; Tue, 14 Jul 98 09:10:15 +0930
Received: from frenzy.ct (newton@frenzy.ct [192.168.4.65]) by slingshot.camtech.com.au (8.6.12/8.6.12) with ESMTP id JAA07415; Tue, 14 Jul 1998 09:10:11 +0930
From: Mark Newton <newton@camtech.com.au>
Received: (from newton@localhost)
	by frenzy.ct (8.8.8/8.8.8) id JAA21739;
	Tue, 14 Jul 1998 09:10:10 +0930 (CST)
Message-Id: <199807132340.JAA21739@frenzy.ct>
Subject: Re: Question...
In-Reply-To: <3.0.3.32.19980713104816.03203d78@mail.plstn1.sfba.home.com> from Ludwig Pummer at "Jul 13, 98 10:48:16 am"
To: ludwigp@bigfoot.com (Ludwig Pummer)
Date: Tue, 14 Jul 1998 09:10:10 +0930 (CST)
Cc: stealth@sanet.ge, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Ludwig Pummer wrote:
 
 > >tcp        0      0  access.pop3   ppp170-tc3.1658 TIME_WAIT
 > >tcp        0     87  access.smtp   egeo.unipg.it.4930 ESTABLISHED
 > >tcp        0    169  access.smtp   ARMINCO.COM.51685  ESTABLISHED
 > >tcp        0      0  access.3314   192.168.1.2.smtp   SYN_SENT
 > >                                   ^^^^^^^^^^^^^^^^ 
 > >tcp        0      0  access.smtp   interfuture.com.3509 TIME_WAIT
 > >
 > >I haven't any proxy server installed on my system or something look like
 > >it. Strange why in my system i see this IP ? What is it ?
 > 
 > My guess is someone either a) has an incorrectly set firewall/proxy gateway
 > system or b) is trying to hack/break your machine

That's a bit extreme:  His machine is making an *outbound* SMTP connection
to a host that doesn't appear to be answering.  Could it be that someone
has simply misaddressed some email?

Use the "mailq" (or "sendmail -bp") command to see what's stuck in
your mail queue.


    - mark

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message