Date: Mon, 13 Jul 1998 20:46:33 -0600
From: "Aaron D. Gifford" <agifford@infowest.com>
To: security@FreeBSD.ORG
Subject: Re: Question...
Message-ID: <35AAC689.8488381@infowest.com>
References: <3.0.3.32.19980713104816.03203d78@mail.plstn1.sfba.home.com> <199807132340.JAA21739@frenzy.ct> <199807140017.RAA19640@kjsl.com>

> Mark Newton writes:
> > Ludwig Pummer wrote:
> >
> > > >tcp        0      0  access.pop3    ppp170-tc3.1658        TIME_WAIT
> > > >tcp        0     87  access.smtp    egeo.unipg.it.4930     ESTABLISHED
> > > >tcp        0    169  access.smtp    ARMINCO.COM.51685      ESTABLISHED
> > > >tcp        0      0  access.3314    192.168.1.2.smtp       SYN_SENT
> > > >                                    ^^^^^^^^^^^^^^^^
> > > >tcp        0      0  access.smtp    interfuture.com.3509   TIME_WAIT
> > > >
> > > >I haven't any proxy server installed on my system or something look like
> > > >it. Strange why in my system i see this IP ? What is it ?
> > >
> > > My guess is someone either a) has an incorrectly set firewall/proxy gateway
> > > system or b) is trying to hack/break your machine
> >
> > That's a bit extreme: His machine is making an *outbound* SMTP connection
> > to a host that doesn't appear to be answering. Could it be that someone
> > has simply misaddressed some email?
> >
> > Use the "mailq" (or "sendmail -bp") command to see what's stuck in
> > your mail queue.

Let me concur and agree with the above 100%. It IS an OUTGOING SMTP
connection FROM your very own host. That the destination is an RFC
reserved IP address is unusual, but could be explained in any number of
ways. It could be one of your legitimate SMTP users sending a message to
an address (bogus address) that resolves via MX or A records in the DNS
to this RFC address. Or it could be a double-bounce like many spammers
use.

Let me repeat what Mark Newton wrote: Use mailq and see what's stuck in
your queue. You could filter this RFC address in question till you turn
blue in the face and it won't change a thing since it is your host
trying to initiate the connection. That's why the state is still
SYN_SENT.

Aaron out.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
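The reading of the netstat output discussed in this thread, as an added example that is not part of the original messages: it splits BSD-style host.port endpoints, treats SYN_SENT as proof of a locally initiated connection, and flags outbound SMTP to an RFC 1918 address as a reason to inspect the mail queue. The function names and the "service name or port below 1024 means listener" heuristic are assumptions of this example.

```python
import ipaddress

# RFC 1918 private ranges; the destination in the thread falls in 192.168.0.0/16.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Sample input: the netstat lines quoted in the thread.
SAMPLE = """\
tcp 0 0 access.pop3 ppp170-tc3.1658 TIME_WAIT
tcp 0 87 access.smtp egeo.unipg.it.4930 ESTABLISHED
tcp 0 169 access.smtp ARMINCO.COM.51685 ESTABLISHED
tcp 0 0 access.3314 192.168.1.2.smtp SYN_SENT
tcp 0 0 access.smtp interfuture.com.3509 TIME_WAIT
"""

def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(".")  # BSD netstat prints host.port
    return host, port

def is_rfc1918(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # shown as a name, so this line alone cannot tell
    return any(addr in net for net in RFC1918)

def is_service_port(port):
    # Heuristic (assumption): a service name or a port below 1024 marks the listening side.
    return not port.isdigit() or int(port) < 1024

def classify(line):
    _, _, _, local, foreign, state = line.split()
    (lhost, lport), (fhost, fport) = split_endpoint(local), split_endpoint(foreign)
    direction = "unknown"
    # Only the side that sent the SYN is ever in SYN_SENT, so that state alone proves outbound.
    if state == "SYN_SENT" or (is_service_port(fport) and not is_service_port(lport)):
        direction = "outbound"
    elif is_service_port(lport) and not is_service_port(fport):
        direction = "inbound"
    check = direction == "outbound" and fport in ("smtp", "25") and is_rfc1918(fhost)
    return {"local": (lhost, lport), "foreign": (fhost, fport), "state": state,
            "direction": direction, "check_mail_queue": check}

def review(text):
    return [classify(line) for line in text.splitlines() if line.startswith("tcp")]

if __name__ == "__main__":
    for c in review(SAMPLE):
        note = "<- own MTA dialing a private address: check mailq" if c["check_mail_queue"] else ""
        print(c["direction"], c["state"], ".".join(c["foreign"]), note)
```

Only the fourth line is flagged; the other four are remote clients connecting to the local pop3 and smtp services.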