[KLUG Members] Am I just being paranoid?

Peter Buxton members@kalamazoolinux.org
Tue, 25 Feb 2003 23:04:19 -0500


On Tue, Feb 25, 2003 at 09:04:48PM -0600, Russell Dillenburg wrote:

>  --------------------- sendmail Begin ------------------------ 
> 
> 172137 bytes transferred
> 61 messages sent
> 
> **Unmatched Entries**
> 
> h1O60Rv03101: ruleset=check_rcpt, arg1=<marvin%marvin.ordb.org@>, relay=ns.fgnet.dk [212.242.88.2], reject=550 5.7.1 <marvin%marvin.ordb.org@>... Relaying denied

Why yes, you're paranoid. This is the Open Relay Database, www.ordb.org,
testing your server. They are trying to ensure you are not an open
relay.

Every time your server returns with "Relaying denied" you get a brownie
point. :-)

Thank you for posting this: I have wanted a comprehensive list of relay
tricks for a while.

>  ---------------- Connections (secure-log) Begin ------------------- 
> 
> **Unmatched Entries**
> Feb 23 19:10:07 russell sshd[2539]: Could not reverse map address 192.168.1.100.
> Feb 23 19:10:09 russell sshd[2539]: Accepted password for ROOT from 192.168.1.100 port 4178

Check: /etc/ssh/sshd_config and see if you have:

PermitRootLogin yes

set. You probably shouldn't. If this wasn't you logging into your own
machine, BTW, you've been fatally compromised, unless you have a machine
on your local network that could have had IP # 192.168.1.100 which you
used to log into your Linux box, at which point 192.168.1.100 didn't
have a corresponding PTR record in DNS.

-- 
-216
i'm determined to stand, whether god
will deliver me or not. -- bob dylan
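
Added example, not part of the original post: a small Python check that finds accepted root logins in secure-log text (noting when sshd could not reverse map the source) and reads the global PermitRootLogin value from sshd_config text. The function names and both sample inputs are constructed for illustration; it assumes the syslog line format quoted above and that sshd uses the first value it finds for a keyword.

```python
import re

# Constructed sample input modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
Feb 23 19:10:07 russell sshd[2539]: Could not reverse map address 192.168.1.100.
Feb 23 19:10:09 russell sshd[2539]: Accepted password for ROOT from 192.168.1.100 port 4178
Feb 23 19:12:41 russell sshd[2551]: Accepted password for alice from 192.168.1.23 port 4180
Feb 23 19:15:02 russell sshd[2560]: Failed password for root from 192.168.1.100 port 4191
"""

# Constructed sshd_config text; the commented-out line must not count as set.
SAMPLE_CONFIG = """\
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)
NO_PTR = re.compile(r"sshd\[(\d+)\]: Could not reverse map address (\S+?)\.?$")

def root_logins(log_text):
    """Return accepted root logins, flagging sources that had no PTR record."""
    no_ptr = set()  # (pid, address) pairs sshd could not reverse map
    hits = []
    for line in log_text.splitlines():
        m = NO_PTR.search(line)
        if m:
            no_ptr.add((m.group(1), m.group(2)))
            continue
        m = ACCEPTED.match(line)
        if m and m.group("user").lower() == "root":
            hit = m.groupdict()
            hit["no_ptr"] = (hit["pid"], hit["src"]) in no_ptr
            hits.append(hit)
    return hits

def permit_root_login(config_text):
    """Return the first global PermitRootLogin value, or None if it is not set."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("match "):
            break  # Match blocks are conditional; only the global section is read
        m = re.match(r"(?i)permitrootlogin[\s=]+(\S+)", line)
        if m:
            return m.group(1).lower()
    return None
```

A None result means the keyword is unset and the sshd version's built-in default applies, which has to be checked separately.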