It could be one of a couple things: a DOS attack of some kind is possible or you could be getting used as a spam relay (the reason for most of the email spam on the net). In the first case, you'll want to make sure your SMTP server (usually sendmail) is up-to-date. In the second case, you'll want to make sure you have a nice lil firewall going (iptables) and make sure your mail server config has been edited properly. I often go through /var/log/secure* to see who's been connecting to things like telnet and FTP. When I get a lot of funny entries (t-dialin nodes for instance) I just add a rule to my firewall. If your mail server isn't needed by anyone else then just block all outside access to it, otherwise do some firewalling :) On Thu, 23 Oct 2003 rich-lists@xxxxxxxxxxxx wrote: > I was running the netstat -an command and I noticed that I have multiple > connections to port 25 on my server. My mail sending has been slow, so I > am guessing this is the reason. What I don't understand is why this IP > has multiple connections established to my port 25. In total there are > 13 connections. Is this a DOS attack or is this normal? I compared this > to our company mail server and there is nothing like this on it. > > > tcp 0 0 192.168.0.2:25 63.247.132.19:52355 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:52129 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:49572 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:52410 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:53274 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:52184 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:50527 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:51408 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:53012 > ESTABLISHED > tcp 0 0 192.168.0.2:25 63.247.132.19:50805 > ESTABLISHED > > Richard Humphrey > > > -- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
