Re: smtp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



thanks a lot for solving this problem
but here just tell me one thing more that how u said that i m safe. is there tcpdump output telling something. if yes then how u judge it.


Regards
Azeem


From: Gavin Hamill <gdh@xxxxxxxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: smtp
Date: Fri, 14 May 2004 20:47:23 +0100

On Friday 14 May 2004 19:54, azeem ahmad wrote:
> hi
> here is the out put even after blocking all smtp
> ---------------------------------------------------------------------------
>------------------------------------------------------
>21:17:31.259275
> 192.168.0.101.4730 > 207.24.89.66.smtp: S
> 556950735:556950735(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)


Notice how all of these are your infected PC trying to talk to the outside
world, and that there are no packets from the outside world to the infected
PC? This will be due to your iptables commands blocking this from happening..
and given that the snapshot took place over 4 seconds, I would say you're
quite safe :)


Yes, the infected PC will continue to spew out packets until it's fixed, but
there is no danger, and your Internet bandwidth will no longer be affected.


Cheers,
Gavin.


_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux