From owner-freebsd-security  Mon Jul 13 17:17:52 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA14258
          for freebsd-security-outgoing; Mon, 13 Jul 1998 17:17:52 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kjsl.com (Limpia.KJSL.COM [198.137.202.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA14249
          for <freebsd-security@FreeBSD.ORG>; Mon, 13 Jul 1998 17:17:48 -0700 (PDT)
          (envelope-from javier@kjsl.com)
Received: (from javier@localhost)
	by kjsl.com (8.8.5/8.8.5) id RAA19640;
	Mon, 13 Jul 1998 17:17:28 -0700 (PDT)
Date: Mon, 13 Jul 1998 17:17:28 -0700 (PDT)
Message-Id: <199807140017.RAA19640@kjsl.com>
From: Javier Henderson <javier@kjsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Mark Newton <newton@camtech.com.au>
Cc: ludwigp@bigfoot.com (Ludwig Pummer), stealth@sanet.ge,
        freebsd-security@FreeBSD.ORG
Subject: Re: Question...
In-Reply-To: <199807132340.JAA21739@frenzy.ct>
References: <3.0.3.32.19980713104816.03203d78@mail.plstn1.sfba.home.com>
	<199807132340.JAA21739@frenzy.ct>
X-Mailer: VM 6.33 under Emacs 19.34.1
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mark Newton writes:
 > Ludwig Pummer wrote:
 >  
 >  > >tcp        0      0  access.pop3   ppp170-tc3.1658 TIME_WAIT
 >  > >tcp        0     87  access.smtp   egeo.unipg.it.4930 ESTABLISHED
 >  > >tcp        0    169  access.smtp   ARMINCO.COM.51685  ESTABLISHED
 >  > >tcp        0      0  access.3314   192.168.1.2.smtp   SYN_SENT
 >  > >                                   ^^^^^^^^^^^^^^^^ 
 >  > >tcp        0      0  access.smtp   interfuture.com.3509 TIME_WAIT
 >  > >
 >  > >I haven't any proxy server installed on my system or something look like
 >  > >it. Strange why in my system i see this IP ? What is it ?
 >  > 
 >  > My guess is someone either a) has an incorrectly set firewall/proxy gateway
 >  > system or b) is trying to hack/break your machine
 > 
 > That's a bit extreme:  His machine is making an *outbound* SMTP connection
 > to a host that doesn't appear to be answering.  Could it be that someone
 > has simply misaddressed some email?
 > 
 > Use the "mailq" (or "sendmail -bp") command to see what's stuck in
 > your mail queue.

	It could be that someone's mail host does translate to that
non-Internet-routable address. Perhaps said host's admin thought he's
supposed to list the IP address of his Ethernet (or PPP or whatever)
interface in the DNS, as opposed to the pre-translation one given to
him by his ISP.

-jav

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message