Date:      Mon, 13 Jul 1998 17:17:28 -0700 (PDT)
From:      Javier Henderson <javier@kjsl.com>
To:        Mark Newton <newton@camtech.com.au>
Cc:        ludwigp@bigfoot.com (Ludwig Pummer), stealth@sanet.ge, freebsd-security@FreeBSD.ORG
Subject:   Re: Question...
Message-ID:  <199807140017.RAA19640@kjsl.com>
In-Reply-To: <199807132340.JAA21739@frenzy.ct>
References:  <3.0.3.32.19980713104816.03203d78@mail.plstn1.sfba.home.com> <199807132340.JAA21739@frenzy.ct>

Mark Newton writes:
 > Ludwig Pummer wrote:
 >  
 >  > >tcp        0      0  access.pop3   ppp170-tc3.1658 TIME_WAIT
 >  > >tcp        0     87  access.smtp   egeo.unipg.it.4930 ESTABLISHED
 >  > >tcp        0    169  access.smtp   ARMINCO.COM.51685  ESTABLISHED
 >  > >tcp        0      0  access.3314   192.168.1.2.smtp   SYN_SENT
 >  > >                                   ^^^^^^^^^^^^^^^^ 
 >  > >tcp        0      0  access.smtp   interfuture.com.3509 TIME_WAIT
 >  > >
 >  > >I haven't any proxy server installed on my system or anything that looks
 >  > >like it. Strange: why do I see this IP in my system? What is it?
 >  > 
 >  > My guess is someone either a) has an incorrectly set firewall/proxy gateway
 >  > system or b) is trying to hack/break your machine
 > 
 > That's a bit extreme:  His machine is making an *outbound* SMTP connection
 > to a host that doesn't appear to be answering.  Could it be that someone
 > has simply misaddressed some email?
 > 
 > Use the "mailq" (or "sendmail -bp") command to see what's stuck in
 > your mail queue.

	It could be that someone's mail host does translate to that
non-Internet-routable address. Perhaps said host's admin thought he's
supposed to list the IP address of his Ethernet (or PPP or whatever)
interface in the DNS, as opposed to the pre-translation one given to
him by his ISP.

-jav
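
The distinction drawn in this thread (an outbound SMTP attempt stuck in SYN_SENT toward a non-routable address, as opposed to an inbound connection) can be checked mechanically. The following is an added example, not part of the original message; the function names and the choice of service ports are assumptions, and the input lines are the netstat output quoted above with the quote marks stripped.

```python
import ipaddress

# Lines copied from the netstat output quoted in the message.
NETSTAT = """\
tcp        0      0  access.pop3   ppp170-tc3.1658 TIME_WAIT
tcp        0     87  access.smtp   egeo.unipg.it.4930 ESTABLISHED
tcp        0    169  access.smtp   ARMINCO.COM.51685  ESTABLISHED
tcp        0      0  access.3314   192.168.1.2.smtp   SYN_SENT
tcp        0      0  access.smtp   interfuture.com.3509 TIME_WAIT
"""

# Assumption: ports that identify the server end of a mail connection.
SERVICE_PORTS = {"smtp", "25", "pop3", "110"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def split_endpoint(endpoint):
    """BSD netstat prints host.port; the port follows the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def is_rfc1918(host):
    """True only for an IP literal in RFC 1918 space; hostnames are False."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def classify(line):
    """Return direction, peer and state for one tcp line, else None."""
    fields = line.split()
    if len(fields) != 6 or not fields[0].startswith("tcp"):
        return None
    local, foreign, state = fields[3], fields[4], fields[5]
    _, lport = split_endpoint(local)
    peer, fport = split_endpoint(foreign)
    if lport in SERVICE_PORTS:
        direction = "inbound"      # a client connected to our service
    elif fport in SERVICE_PORTS:
        direction = "outbound"     # we are the client of a remote service
    else:
        direction = "unknown"
    return {"direction": direction, "peer": peer, "state": state}


def stuck_outbound_to_private(text):
    """Outbound attempts to RFC 1918 peers that never got an answer."""
    rows = filter(None, map(classify, text.splitlines()))
    return [r for r in rows if r["direction"] == "outbound"
            and r["state"] == "SYN_SENT" and is_rfc1918(r["peer"])]
```

A hit from `stuck_outbound_to_private` is the cue to look at the mail queue with `mailq`, as suggested in the thread.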
