SMTP Attacks

Harold Hallikainen harold at hallikainen.com
Tue Oct 24 12:32:28 UTC 2006


In the past week, I've seen log entries like this pretty much every day.
This is on a Fedora 4 system. I'm running sshblack to get rid of the
thousands of ssh breaking attempts and have been using the included bl
command to add these IP addresses to the block list (which adds them to
iptables with instructions to drop the packets). Is that worthwhile? Should
I do anything else? Again, these have only started showing up this week.

Thanks!

Harold

WARNING!!!!  Possible Attack:
    Attempt from 235.30.broadband2.iol.cz [83.208.30.235] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from 46.173.broadband6.iol.cz [88.101.173.46] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from [12.166.98.246] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from dslb-082-083-067-104.pools.arcor-ip.net [82.83.67.104] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from laly-s.bb.netvision.net.il [212.143.166.250] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from p54BB98E4.dip0.t-ipconnect.de [84.187.152.228] with:
       command=HELO/EHLO, count=3: 1 Time(s)
         Total:  6 Time(s)

 **Unmatched Entries**
    87-126-13-210.btc-net.bg [87.126.13.210] (may be forged): possible
SMTP attack:
command=HELO/EHLO, count=3: 1 Time(s)


-- 
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
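
An added example, not part of the original post: one way to turn daily reports like the one quoted above into a reviewed list of block candidates, counting an address only when it recurs on separate days. The function names, the `min_days` threshold and the allow-list are assumptions of this sketch; the sample lines are copied from the report in the post.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines copied from the report quoted in the post (mail wrapping kept).
SAMPLE_REPORT = """\
WARNING!!!!  Possible Attack:
    Attempt from 235.30.broadband2.iol.cz [83.208.30.235] with:
       command=HELO/EHLO, count=3: 1 Time(s)
    Attempt from [12.166.98.246] with:
       command=HELO/EHLO, count=3: 1 Time(s)
 **Unmatched Entries**
    87-126-13-210.btc-net.bg [87.126.13.210] (may be forged): possible
SMTP attack:
command=HELO/EHLO, count=3: 1 Time(s)
"""

# "[ip]" followed, possibly across wrapped lines, by "command=..., count=N: M Time(s)".
# [^\[] also matches newlines, so one pattern covers both report sections.
ENTRY = re.compile(
    r"\[(?P<ip>[0-9.]+)\][^\[]*?command=(?P<cmd>\S+),\s*count=(?P<count>\d+):"
    r"\s*(?P<times>\d+)\s+Time\(s\)"
)

def parse_report(text):
    """Return a Counter {ip: number of logged events} for one report."""
    hits = Counter()
    for m in ENTRY.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address: skip it rather than block garbage
        hits[str(ip)] += int(m.group("times"))
    return hits

def block_candidates(daily_reports, min_days=2, allow=()):
    """IPs present in at least min_days reports, minus allow-listed networks."""
    days_seen = Counter()
    for report in daily_reports:
        days_seen.update(set(parse_report(report)))  # one vote per IP per day
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(
        ip for ip, days in days_seen.items()
        if days >= min_days
        and not any(ipaddress.ip_address(ip) in n for n in nets)
    )
```

The returned addresses are candidates for review before they go on a block list; networks you relay mail for belong in `allow`.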




More information about the Redhat-install-list mailing list