Date:      Thu, 20 May 1999 11:21:27 -0400 (EDT)
From:      Bill Vermillion <bill@bilver.magicnet.net>
To:        freebsd-isp@freebsd.org
Subject:   Re: 911 sombody using our sendmail server.
Message-ID:  <199905201521.LAA25863@bilver.magicnet.net>
In-Reply-To: <374423FC.65A774B1@jjsoft.com> from Jahanur R Subedar at "May 20, 1999 10: 2:21 am"

Jahanur R Subedar recently said:

> I need some help very fast to catch a hacker.
> Here is the signature.
> bash-2.01$ ps -ax | grep sendmail
>   121  ??  Is     0:03.00 sendmail: accepting connections on port 25
> (sendmail.
> 25508  ??  I      0:00.02 sendmail: server bnetnt1.buz.net
> [204.216.44.4] child
> 25509  ??  S      0:03.43 sendmail: JAA25509 bnetnt1.buz.net
> [204.216.44.4]: DA
> I need to know how can I catch this person and ban him.
> Please help me. Or what more do I need for evidence.

I don't want to sound negative, but since you are on an ISP list, and
the above information doesn't give _you_ a clue as to what to do,
then you probably need someone to look over all your system. 
You do need to understand how things work if you wish to keep
things running.

ipw shows that the address is in a netblock that belongs to Coral

nslookup shows that the machine is bnetnt1.buz.net.

whois shows the name and phone numbers of those responsible
for those networks.

The rest is up to you.

-- 
bv@wjv.com
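
The `ps` lines quoted in the message already name the remote peer, which is the starting point for the netblock, nslookup and whois lookups listed in the reply. As an added example (not part of the original thread), this Python code groups sendmail child processes by peer address. The function name `sendmail_peers`, the five-column `ps -ax` layout, and the reading of a non-`server` first word as a queue ID are assumptions drawn from the two quoted lines.

```python
import ipaddress
import re
from collections import OrderedDict

# Constructed sample: the ps lines quoted in the message, with the mail
# client's line wrapping undone. Truncated text is kept as posted.
SAMPLE_PS = """\
  121  ??  Is     0:03.00 sendmail: accepting connections on port 25 (sendmail.
25508  ??  I      0:00.02 sendmail: server bnetnt1.buz.net [204.216.44.4] child
25509  ??  S      0:03.43 sendmail: JAA25509 bnetnt1.buz.net [204.216.44.4]: DA
"""

# Columns assumed: PID TT STAT TIME COMMAND, as in the quoted output.
PS_LINE = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+\S+\s+sendmail: (.*)$")
# sendmail shows the connected client as "hostname [a.b.c.d]".
PEER = re.compile(r"(\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")


def sendmail_peers(ps_text):
    """Return {peer_ip: {"hosts", "pids", "queue_ids"}} for sendmail children."""
    peers = OrderedDict()
    for line in ps_text.splitlines():
        line_match = PS_LINE.match(line)
        if not line_match:
            continue
        pid, title = int(line_match.group(1)), line_match.group(2)
        peer = PEER.search(title)
        if not peer:
            continue  # e.g. the listening daemon, which has no peer
        host, ip = peer.groups()
        try:
            ipaddress.ip_address(ip)  # reject things like [999.1.1.1]
        except ValueError:
            continue
        entry = peers.setdefault(ip, {"hosts": [], "pids": [], "queue_ids": []})
        if host not in entry["hosts"]:
            entry["hosts"].append(host)  # name as sendmail resolved it
        entry["pids"].append(pid)
        # Assumption: the word before the host is "server" or a queue ID.
        prefix = title[:peer.start()].strip()
        if prefix and prefix != "server":
            entry["queue_ids"].append(prefix)
    return peers


if __name__ == "__main__":
    for ip, info in sendmail_peers(SAMPLE_PS).items():
        print(ip, info["hosts"], info["pids"], info["queue_ids"])
```

The queue ID, when present, is the key to search for in the mail log to see what the peer is sending and to whom.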