Heyas,
I'm connected to esat surf nolimits for all of the time that it's still
cheap, and I've noticed recently that there's been an awful lot of people
checking out/attacking my box, even if I'm away from the computer, and
it's not doing anything but getting my mail every 5 minutes.
These are usually brute-force and common cgi expl0its, which normally end
up with the person trying to "nuke" me out of frustration.
Now, I don't usually worry about these, nor do I usually take any action
when I see them (script kiddies will be script kiddies), but last night I
got something in my tcpdump logs that I hadn't seen before. From about
1am till 5am, every half hour, I got an entry like this :
00:44:20.137989 165.21.XX.XXX > 194.145.131.102: icmp: host 155.69.X.XXX
unreachable - admin prohibited filter
(The uncensored IP address was my own dialup address)
This has me worried, mostly because it's something new. I also noticed
before I left for work that there were some mails in my mail queue, which
certainly weren't mine. I doubt this would be sendmail relaying stuff,
would it? The box is a fairly vanilla OpenBSD box, with no changes to the
default sendmail.cf file.
Could anyone shed any light on this?
- John
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
