[thelist] DNS: Security and Networking

Frank lists at frankmarion.com
Wed Jul 16 21:14:36 CDT 2003


Some yahoo, probably a professional spammer, is hammering away at my machine 
24 hours a day, trying to get my SMTP to relay for him/her/it. I'm trying 
to get to the root of who this person is, but a trace route demonstrates a 
long trail of false reverse DNS entries.

http://samspade.org/t/trace?a=61.30.21.210 where 61.30.21.210 is obviously 
the yahoo's IP registered on my firewall, blocking roughly 20 taps per 
minute. The traced records yield a variety of Chinese companies, none of 
which are traceable themselves. The first traceable item on the route is a 
server in California. That actually makes sense, if one is being surreptitious.

How can I find out who this person is, and what actions, in any form 
whatsoever, can I use to stop this dinkhead? My logs are growing by the hour.

Here's what I know. I've battened down the hatches. The only open ports 
remaining are the ones that I actually use. My SMTP relays are tighter than 
a nun's pucker on a cold day, and so is my FTP. The only one I might 
question is Apache, as the default install. I keep my virus definitions up 
to date on a daily basis; it's running 24/7, completing a full scan on a 
daily basis. Other than unplugging my machine and hiding it in a dark 
basement, duct-taped up in a lead container, are there other ways to 
improve my security?


--
Frank Marion     lists at frankmarion.com      Keep the signal high.  


