
Re: security? -- public IP being flooded



Wow, from what Chuck found, you are the victim of either a misconfigured
mail server, or someone is trying to utilize your machine as a relay host,
since the originating computer is a mail server...

You might want to try to contact someone in that domain.

-JMS

-----Original Message-----
From: Michael Jinks <michael twopoint com>
To: redhat-list redhat com <redhat-list redhat com>
Date: Tuesday, September 29, 1998 1:52 PM
Subject: security? -- public IP being flooded


>I have a masqing firewall which just started spewing the following line
>to its syslog, with syslog hovering between 80% and 100% CPU usage:
>
>Sep 29 12:57:50 lurch kernel: IP fw-in deny eth1 TCP 207.206.77.100:2040
>209.64.88.25:20 L=40 S=0x00 I=57698 F=0x0040 T=116
>
>
>lurch is the bastion host where the syslog is running, and eth1 is its
>public-side ethernet card.  209.64.88.25 is our public web/ftp server,
>which runs on a different host.  I've tried to do a DNS lookup of the
>207.206.77.100 IP address, but nobody seems to know it.  Am I being
>flooded?  What can I do about this?
>
>
>thanks,
>m
>
>
>
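To answer "am I being flooded?" from the syslog itself, the deny lines can be parsed and counted per source. The following is an added example, not part of either message: the field meanings, the 5-per-second threshold, the year argument (taken from the message date) and every sample line other than the one quoted above are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Layout of the deny line quoted in the message. Field meanings (L=length, S=TOS,
# I=IP id, F=fragment field, T=TTL) are an assumed reading of that format.
LINE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: IP fw-(?P<chain>\w+) "
    r"(?P<action>\w+) (?P<iface>\S+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)

def parse(line, year=1998):
    """Return a dict for one deny line, or None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(f"{year} {rec.pop('ts')}", "%Y %b %d %H:%M:%S")
    for key in ("sport", "dport", "len", "id", "ttl"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, min_rate=5.0):
    """Group denies by (src, dst, dport); keep groups at or above min_rate per second."""
    counts, first, last = Counter(), {}, {}
    for rec in filter(None, map(parse, lines)):
        key = (rec["src"], rec["dst"], rec["dport"])
        counts[key] += 1
        first.setdefault(key, rec["time"])
        last[key] = rec["time"]
    # Floor the window at 1 s so a single line does not look like a high rate.
    rates = {k: n / max((last[k] - first[k]).total_seconds(), 1.0) for k, n in counts.items()}
    return {k: (counts[k], r) for k, r in rates.items() if r >= min_rate}

# Constructed sample: the line from the message (unwrapped) repeated with varying
# IP ids over three seconds, plus one unrelated constructed deny line.
SAMPLE = [
    f"Sep 29 12:57:{50 + i // 10:02d} lurch kernel: IP fw-in deny eth1 TCP "
    f"207.206.77.100:2040 209.64.88.25:20 L=40 S=0x00 I={57698 + i} F=0x0040 T=116"
    for i in range(30)
] + ["Sep 29 12:57:51 lurch kernel: IP fw-in deny eth1 TCP "
     "192.0.2.7:1033 209.64.88.25:23 L=44 S=0x00 I=100 F=0x0000 T=52"]

if __name__ == "__main__":
    for (src, dst, dport), (n, rate) in summarize(SAMPLE).items():
        print(f"{src} -> {dst}:{dport}  {n} denies, {rate:.1f}/s")
```

A single source dominating the output at a sustained rate points to one host retrying or flooding, while many sources at low rates look more like background scanning.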



