Re: [TCLUG:2438] Somethings ... STATUS REPORT

To: tclug-list@listserv.real-time.com
Subject: Re: [TCLUG:2438] Somethings ... STATUS REPORT
From: Jon Schewe <jpschewe@usa.net>
Date: Wed, 2 Dec 1998 14:07:37 -0600 (CST)
References: <Pine.LNX.3.96.981202130405.3109B-100000@groucho.asw.local>
Reply-To: Jon Schewe <jpschewe@usa.net>

On Wed, Dec 2 1998, Richard Seymour wrote:
Richar> Left to figure out:
Richar> 
Richar> * Was / Is there a process running on my system that needs to be removed
Richar> or cleaned up?
Richar> * How can I set up a better (more suited to my needs) firewall that will
Richar> be more preventive in nature, but still allow me to get my work done?
Richar> * What else might have been comprimised? Passwords?
Richar> * Who did this? What were they doing? Will I get blamed for it? Etc.?
Richar> * If this _wasn't_ an attack from the outside, what could it have been?
Richar> 

Chances are that someone figured out that your machine was accepting relaying and so they atarted spamming off you.  What should help would be to make sure you have relaying turned off in sendmail.  If you want to be able to relay from some machines put those in /etc/mail/allow_relay, or something like that.

---
Jon Schewe
jpschewe@usa.net
http://tcfreenet.org/~schewe

Follow-Ups:
- RE: [TCLUG:2438] Somethings ... STATUS REPORT
  - From: "Eric Hillman" <ehillman@cccu.com>

References:
- Re: [TCLUG:2438] Somethings ... STATUS REPORT
  - From: Richard Seymour <rseymour@anarchysoftware.com>

Prev by Date: Re: [TCLUG:2449] Boot from hard drive using NT bootloader?
Next by Date: Re: [TCLUG:2449] Boot from hard drive using NT bootloader?
Prev by thread: Re: [TCLUG:2438] Somethings ... STATUS REPORT
Next by thread: RE: [TCLUG:2438] Somethings ... STATUS REPORT
Index(es):
- Date
- Thread