From owner-freebsd-isp Thu May 20 9:35:52 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from magicnet.magicnet.net (magicnet.magicnet.net [204.96.116.9])
    by hub.freebsd.org (Postfix) with ESMTP id 1338715238
    for ; Thu, 20 May 1999 09:35:24 -0700 (PDT)
    (envelope-from bill@bilver.magicnet.net)
Received: (from uucp@localhost)
    by magicnet.magicnet.net (8.8.6/8.8.8) with UUCP id MAA12225
    for freebsd-isp@freebsd.org; Thu, 20 May 1999 12:33:51 -0400 (EDT)
Received: (from bill@localhost)
    by bilver.magicnet.net (8.9.1/8.9.1) id LAA25863
    for freebsd-isp@freebsd.org; Thu, 20 May 1999 11:21:28 -0400 (EDT)
From: Bill Vermillion
Message-Id: <199905201521.LAA25863@bilver.magicnet.net>
Subject: Re: 911 sombody using our sendmail server.
In-Reply-To: <374423FC.65A774B1@jjsoft.com> from Jahanur R Subedar at "May 20, 1999 10: 2:21 am"
To: freebsd-isp@freebsd.org
Date: Thu, 20 May 1999 11:21:27 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jahanur R Subedar recently said:

> I need some help very fast to catch a hacker.
> Here is the signature.

> bash-2.01$ ps -ax | grep sendmail
> 121 ?? Is 0:03.00 sendmail: accepting connections on port 25
> (sendmail.
> 25508 ?? I 0:00.02 sendmail: server bnetnt1.buz.net
> [204.216.44.4] child
> 25509 ?? S 0:03.43 sendmail: JAA25509 bnetnt1.buz.net
> [204.216.44.4]: DA

> I need to know how can I catch this person and ban him.
> Please help me. Or what more do I need for evidence.

I don't want to sound negative, but since you are on an ISP list,
and the above information doesn't give _you_ a clue as to what to
do, then you probably need someone to look over all your system.

You do need to understand how things work if you wish to keep
things running.

ipw shows that the address is in a netblock that belongs to Coral
nslookup shows that the machine is bnetnt1.buz.net.
whois shows the name and phone numbers of those responsible for
those networks.

The rest is up to you.

--
bv@wjv.com
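
The lookups named in the reply start from the peer address shown in the sendmail process titles. As an added example (not part of the original message), this shell function tallies the peers in `ps -ax | grep sendmail` output, including titles wrapped onto a second line as in the quoted capture; the `mail.example.org` entry and its queue id are constructed sample data.

```shell
#!/bin/sh
# Added example: tally remote SMTP peers from sendmail process titles.
# Input:  output of `ps -ax | grep sendmail` on stdin.
# Output: "COUNT IP HOST" per peer, busiest first.

smtp_peers() {
    # sendmail children put the peer in the title as "host [a.b.c.d]".
    # tr joins the lines first, so a title that was wrapped onto a second
    # line in a pasted capture still matches. The listening daemon
    # ("accepting connections") carries no peer and drops out.
    tr '\n' ' ' |
    grep -oE '[A-Za-z0-9._-]+ +\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]' |
    sed -E 's/^([^ ]+) +\[([0-9.]+)\]$/\2 \1/' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3 }'
}

# Sample input. The first three entries are the capture quoted in the
# message (wrapping kept); the last entry is constructed for illustration.
sample_ps() {
cat <<'EOF'
  121 ?? Is 0:03.00 sendmail: accepting connections on port 25
25508 ?? I 0:00.02 sendmail: server bnetnt1.buz.net
[204.216.44.4] child
25509 ?? S 0:03.43 sendmail: JAA25509 bnetnt1.buz.net
[204.216.44.4]: DA
25611 ?? S 0:00.01 sendmail: KAA25611 mail.example.org [192.0.2.10]: DATA
EOF
}

# Stand-alone run: print the tally for the sample capture.
sample_ps | smtp_peers
```

Each address it prints is the starting point for the nslookup and whois lookups the reply describes.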