[thelist] DNS: Security and Networking
Frank
lists at frankmarion.com
Wed Jul 16 21:14:36 CDT 2003
Some yahoo, probably a professional spammer, is hammering away at my machine
24 hours a day, trying to get my SMTP to relay for him/her/it. I'm trying
to get to the root of who this person is, but a trace route demonstrates a
long trail of false reverse DNS entries.
http://samspade.org/t/trace?a=61.30.21.210 where 61.30.21.210 is obviously
the yahoo's IP registered on my firewall, blocking roughly 20 taps per
minute. The traced records yield a variety of Chinese companies, none of
which are traceable themselves. The first traceable item on the route is a
server in California. That actually makes sense, if one is being surreptitious.
How can I find out who this person is, and what actions, in any form
whatsoever, can I use to stop this dinkhead? My logs are growing by the hour.
Here's what I know. I've battened down the hatches. The only open ports
remaining are the ones that I actually use. My SMTP relays are tighter than
a nun's pucker on a cold day, and so is my FTP. The only one I might
question is Apache, as the default install. I keep my virus definitions up
to date on a daily basis; it's running 24/7, completing a full scan on a
daily basis. Other than unplugging my machine, and hiding it in a dark
basement duct-taped up in a lead container, are there other ways to
improve my security?
--
Frank Marion lists at frankmarion.com Keep the signal high.