My FC3 machine appears to be compromised, please help
Bob Brennan
rbrennan96 at gmail.com
Thu Apr 6 19:24:21 UTC 2006
On 4/6/06, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Thu, 2006-04-06 at 12:24, Paul Howarth wrote:
> > >
> > > Couldn't similar be achieved by making temporary entries in /etc/hosts
> > > without having to install anything?
> >
> > No, because sendmail can't lookup MX records using the hosts file and
> > will always try DNS first, regardless of nsswitch.conf settings.
>
> From what has been posted so far, the MX records appear to
> be right and CNAMES aren't particularly involved in mail
> delivery except to the extent that any MX records associated
> with the target are inherited by the CNAME, but that doesn't
> seem to be the case here.
>
> The only thing that might confuse sendmail about its name
> is the reverse lookup for its interface address and that
> still looks right from here:
>
> nslookup 83.104.235.34
> Non-authoritative answer:
> 34.235.104.83.in-addr.arpa name = rbrennan.demon.co.uk.
>
> Does that give a different answer on the machine in question?
>
> --
> Les Mikesell
> lesmikesell at gmail.com
Below are the results of nslookups both ways. As you can see, the
nslookup of mi-server.net does not include the proper IP, only Mr
Nasty's, whoever it is that is taking all my email from me. What does
http://mi-server.net deliver on the outside world? I can't see it since
my own hosts file keeps me on my LAN.

C:\nslookup 83.104.235.34
Server: cache-1.ns.demon.net
Address: 158.152.1.58
Name: rbrennan.demon.co.uk
Address: 83.104.235.34

C:\nslookup mi-server.net
Server: cache-1.ns.demon.net
Address: 158.152.1.58
Non-authoritative answer:
Name: wc.funnel.revenuedirect.com.akadns.net
Addresses: 69.25.47.165, 66.150.161.58
Aliases: mi-server.net, wc.traffic.puredns.com
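An added example, not part of the original post: the two nslookup outputs above, parsed and compared so the mismatch between the reverse and forward answers is explicit. The helper names parse_nslookup and compare are hypothetical, and the parser assumes each field sits on a single line as it does in the pasted output.

```python
import re

# Output copied from the post above (Windows nslookup format).
REVERSE = """\
Server: cache-1.ns.demon.net
Address: 158.152.1.58
Name: rbrennan.demon.co.uk
Address: 83.104.235.34
"""
FORWARD = """\
Server: cache-1.ns.demon.net
Address: 158.152.1.58
Non-authoritative answer:
Name: wc.funnel.revenuedirect.com.akadns.net
Addresses: 69.25.47.165, 66.150.161.58
Aliases: mi-server.net, wc.traffic.puredns.com
"""

def parse_nslookup(text):
    """Return the answer section as {'name', 'addresses', 'aliases'}.

    The resolver's own Server/Address pair comes first and is skipped:
    only fields seen after the 'Name:' line belong to the answer.
    """
    answer = {"name": None, "addresses": [], "aliases": []}
    in_answer = False
    for line in text.splitlines():
        m = re.match(r"\s*(Name|Address(?:es)?|Aliases):\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        items = [v.strip().rstrip(".").lower() for v in value.split(",") if v.strip()]
        if key == "Name":
            answer["name"], in_answer = items[0], True
        elif in_answer and key.startswith("Address"):
            answer["addresses"] += items
        elif in_answer and key == "Aliases":
            answer["aliases"] += items
    return answer

def compare(queried_name, expected_ip, forward_text):
    """List the ways the forward answer disagrees with the expected host."""
    fwd = parse_nslookup(forward_text)
    findings = []
    if expected_ip not in fwd["addresses"]:
        findings.append(f"{queried_name} does not resolve to {expected_ip}: {fwd['addresses']}")
    if fwd["name"] != queried_name.lower():
        findings.append(f"{queried_name} is an alias; canonical name is {fwd['name']}")
    return findings
```

Calling compare("mi-server.net", "83.104.235.34", FORWARD) returns two findings: the name does not resolve to the address from the reverse lookup, and it is an alias whose canonical name is in another domain.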