SUMMARY: Is this a security concern?
2007-12-24 23:37:00
refusing to relay email. I checked my syslog (why didn't I do that
earlier? not enough sleep I suppose...) and there are attempts from the
IP address to send mail through all of my machines. Since the name and
IP do not resolve the same it is refusing.
Thanks again!
Begin forwarded message:
> From: Eric Williams <ewilliams at mail.wesleyan.edu>
> Date: Tue Sep 10, 2002 7:43:57 AM US/Eastern
> To: codeprof at codeprof.com
> Subject: Is this a security concern?
>
> I have been getting this message repeating in my message logs all day
> for a few days now. I searched for what would be causing it and at
> first it looked like a lookup problem. I nslookup'd the name and IP
> both using the DNS servers we have and they both resolve fine on this
> machine. Here is what I am getting:
>
> Sep 9 00:09:30 mymachine.edu last message repeated 1 time
> Sep 9 00:48:17 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 01:05:27 mymachine.edu last message repeated 1 time
> Sep 9 01:32:35 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 01:49:30 mymachine.edu last message repeated 1 time
> Sep 9 02:26:47 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 02:45:27 mymachine.edu last message repeated 1 time
> Sep 9 03:09:35 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 03:29:30 mymachine.edu last message repeated 1 time
> Sep 9 04:05:17 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 04:25:28 mymachine.edu last message repeated 1 time
> Sep 9 04:46:35 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> Sep 9 05:09:31 mymachine.edu last message repeated 1 time
> Sep 9 05:43:48 mymachine.edu rpc.nisd_resolv[219]:
> nres_gethostbyaddr: ab-gpr-a53-01-48.look.ca != 204.174.248.48.
> ,
> ,
> ,
>
> This just showed up a few days ago and at first I only had a few lines
> during a day. This repeats all day long now. Should I be concerned
> someone inside or out is trying something on my system? Any
> suggestions on tracking down the cause and killing it? I'll post a
> follow-up. Thanks!
>
> -----------------------------------------------------------------------
> -
> Eric Williams
> Wesleyan University
> ewilliams at wesleyan.edu
> AIM: radvelman
> 860 685-3664
> _______________________________________________
> codeprof mailing list
> codeprof at codeprof.com
> http://www.codeprof.com/execute/ask/?codeinfoid=17029
>
------------------------------------------------------------------------
Eric Williams
Wesleyan University
ewilliams at wesleyan.edu
AIM: radvelan
860 685-3664
Comments
Got something to say?
You must be logged in to post a comment.
