Someone Using Our Mail Servers?

  • Someone Using Our Mail Servers?

    I have had several guests over the past couple of weeks with the following type of location:

    Unknown Location: 162.33.130.251:25?

    In many cases, there are seven (or even more) guests online at any one time, all with the above type of location, and all come back to the IP address of 216.144.230.5x. Now, I conducted a reverse on this IP address block, and it comes to...

    OrgName: Secured Private Network
    OrgID: SPNW

    NetRange: 216.144.224.0 -216.144.239.255
    CIDR: 216.144.224.0/20
    NetName: EWAN
    NetHandle: NET-216-144-224-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation
    NameServer: ns1.ewan1.com
    NameServer: ns2.ewan1.com
    Comment:
    RegDate: 2002-07-03
    Updated: 2002-08-28

    TechHandle: JB3327-ARIN
    TechName: Brittain, Jason
    TechPhone: +1-949-851-7190
    TechEmail: [email protected]

    Now, I'm thinking that this guy might be hijacking our mail ports to send spam, but I'm paranoid. Is this actually what might be happening? Or is there some other explanation?

    Most importantly, how do I correct this problem (if it is indeed a problem)?

  • #2
    Originally posted by Ron — DCS
    I have had several guests over the past couple of weeks with the following type of location:

    Unknown Location: 162.33.130.251:25?

    In many cases, there are seven (or even more) guests online at any one time, all with the above type of location, and all come back to the IP address of 216.144.230.5x. Now, I conducted a reverse on this IP address block, and it comes to...

    OrgName: Secured Private Network
    OrgID: SPNW

    NetRange: 216.144.224.0 -216.144.239.255
    CIDR: 216.144.224.0/20
    NetName: EWAN
    NetHandle: NET-216-144-224-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation
    NameServer: ns1.ewan1.com
    NameServer: ns2.ewan1.com
    Comment:
    RegDate: 2002-07-03
    Updated: 2002-08-28

    TechHandle: JB3327-ARIN
    TechName: Brittain, Jason
    TechPhone: +1-949-851-7190
    TechEmail: [email protected]

    Now, I'm thinking that this guy might be hijacking our mail ports to send spam, but I'm paranoid. Is this actually what might be happening? Or is there some other explanation?

    Most importantly, how do I correct this problem (if it is indeed a problem)?
    What type of mailserver are you running?
    There are only 10 types of people in the world: Those who understand binary, and those who don't
