On Thu, Dec 06, 2001 at 01:51:57PM -0500, Michael Ward wrote: > I have been receiving the following entries at my firewall for since > noon US Eastern Time (-5:00) on 12/4/01. > > They have been coming every 15 minutes since then. I notified the owner > of the IP's and he hasn't responded yet. > > 12/04/2001 11:59:30.336 - TCP connection dropped - > Source:mail.domain-i-edited.com, 40454, WAN - > Destination:my.mail.server, 113, LAN - 'Authentication' - Rule 32 Its the SMTP AUTH protocol where a mail server tries to do an authenication check on who is sending it mail. I've turned this off on my mail server as it really doesn't do any good. I think some IRC servers use this feature. In my firewall I've setup this rule to handle these requests: -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable In short, nothing to be concerned about. Chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Dec 06 2001 - 12:45:52 PST