[OT] HELP!!! mail attack
Rodolfo Alcazar Portillo
rodolfo.alcazar at padep.org.bo
Wed Mar 26 11:23:49 UTC 2008
Hello. Since Monday, our mailserver (FC5), behind a firewall, has been
suffering a heavy DoS mail attack. We have a user account,
amanda.davila at padep.org.bo, and it is receiving millions of emails from
very different sites of the planet. Until now, my only action was
deleting the account from /etc/password, and the traffic permits
working. We suspect a virus attack...
What else can we do? We would appreciate any help with this issue. Here is
a 20-second log by 07:15 GMT-4 (too early, many PCs off).
# tethereal |grep RCPT
0.030421 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
0.084245 193.195.46.98 -> 192.168.1.15 SMTP Command: RCPT To:<amanda.davila at padep.org.bo>
0.813207 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
1.196831 221.246.173.133 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
1.214975 221.246.173.133 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
1.330348 203.162.4.185 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
1.633672 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
1.999373 64.22.97.151 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
2.674852 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
2.783758 212.241.250.110 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
3.420356 71.86.28.162 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
3.785264 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
4.742188 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
5.525666 81.80.63.187 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
5.617303 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
5.854842 71.86.28.162 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
5.863718 70.103.68.218 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
5.868905 70.103.68.218 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
6.096777 59.124.4.190 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
6.436249 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
6.466815 66.249.92.172 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
7.262385 193.115.206.80 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
7.397907 71.86.28.162 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
10.592647 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
10.594863 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
10.646376 81.72.107.178 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
11.262748 212.135.207.34 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
11.383742 203.162.4.185 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
11.538739 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
11.568291 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
11.988369 203.190.60.202 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
12.501307 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
12.528634 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
12.807326 220.152.32.164 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
13.115271 212.135.207.34 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
13.453285 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
13.474763 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
14.099809 212.135.207.34 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
14.393268 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
14.429214 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
15.034781 212.135.207.34 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
15.053775 212.135.207.34 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
15.337869 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
15.378731 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
15.868339 189.32.131.187 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
16.258275 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
16.312235 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
16.633300 210.162.25.47 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
17.149183 210.147.8.9 -> 192.168.1.15 SMTP Command: RCPT To:<amanda.davila at padep.org.bo>
17.225328 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
17.237639 189.32.131.187 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
17.272639 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
17.673762 84.12.48.115 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
17.698118 84.12.48.115 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.182747 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.206657 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.422710 141.156.107.252 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.433819 141.156.107.252 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.588780 189.32.131.187 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
18.810259 210.162.25.47 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
19.128838 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
19.167259 140.186.109.125 -> 192.168.1.15 SMTP Command: RCPT TO:<amanda.davila at padep.org.bo>
Here you can find a more detailed log:
http://www.padep.org.bo/log20080325/
Thanks, again...
----------------------------------------------
Rodolfo Alcazar - rodolfo.alcazar at padep.org.bo
otbits.blogspot.com / counter.li.org: #367962
----------------------------------------------
"Don't dream your life, live your dream."
- Unknown author
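A triage sketch for a capture like the one in this post, added here as an example and not part of the original message: it parses `tethereal | grep RCPT`-style lines and reports how many distinct sources are involved and how concentrated the traffic is on one recipient. The sample lines, their addresses and the `parse`/`summarize` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Matches lines such as:
#   0.030421 192.0.2.10 -> 192.168.1.15 SMTP Command: RCPT TO:<user@example.org>
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+->\s+"
    r"(?P<dst>\S+)\s+SMTP\s+Command:\s+RCPT\s+TO:\s*<(?P<rcpt>[^>]*)>",
    re.IGNORECASE,  # clients send both "RCPT TO:" and "RCPT To:"
)

def parse(lines):
    """Yield (timestamp, source_ip, recipient) per RCPT line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            # List archives obfuscate '@' as ' at '; accept both forms.
            rcpt = m.group("rcpt").replace(" at ", "@").strip().lower()
            yield float(m.group("ts")), m.group("src"), rcpt

def summarize(lines, top=3):
    """Summarise RCPT volume: rate, source spread and recipient concentration."""
    events = list(parse(lines))
    if not events:
        return None
    times = [t for t, _, _ in events]
    span = max(times) - min(times)
    by_src = Counter(s for _, s, _ in events)
    by_rcpt = Counter(r for _, _, r in events)
    top_rcpt, hits = by_rcpt.most_common(1)[0]
    return {
        "rcpt_commands": len(events),
        "distinct_sources": len(by_src),
        "rate_per_sec": round(len(events) / span, 2) if span > 0 else float(len(events)),
        "top_sources": by_src.most_common(top),
        "top_recipient": top_rcpt,
        "top_recipient_share": round(hits / len(events), 2),
    }

# Constructed sample (documentation address ranges, not data from the post).
SAMPLE = """\
0.000000 192.0.2.10 -> 192.168.1.15 SMTP Command: RCPT TO:<victim at example.org>
0.500000 198.51.100.7 -> 192.168.1.15 SMTP Command: RCPT To:<victim at example.org>
1.000000 192.0.2.10 -> 192.168.1.15 SMTP Command: RCPT TO:<victim@example.org>
1.500000 203.0.113.99 -> 192.168.1.15 SMTP Command: RCPT TO:<other@example.org>
2.000000 192.0.2.10 -> 192.168.1.15 SMTP Command: RCPT TO:<victim at example.org>
2.100000 192.168.1.15 -> 192.0.2.10 SMTP Response: 250 Ok
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A high count of distinct sources combined with one dominant recipient indicates that rejecting the address at RCPT time will relieve more load than blocking individual source IPs.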