On Thu, 12 Jul 2001 15:53:36 PDT, MrG <p2mask2_xtiat_private> said: > 1.I have a SMTP server (behind my FW) who constantly > (>7 times per second) is trying to establish a TCP=25 > I know that my SMTP server has been compromise but How do you *know* it's been compromised? I've seen multiple systems that don't understand the meaning of "required delay before retry" as per RFC1123 - systems that in their normally broken state will retry over and over and over. I can sympathize with your 7x/sec - I once got hit by something that retried 10x/sec for about 2 days before I finally found the owner and chastised them.... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
This archive was generated by hypermail 2b30 : Fri Jul 13 2001 - 15:48:15 PDT