Linux-users under viral DOS attack
James McDonald
james
Wed Jun 22 18:01:17 PDT 2005
David Bandel wrote:
>FYI,
>
>I've received so many virus discarded messages in the past two days
>from 69.90.250.26, it's on the verge of a DOS attack.
>
>Someone has the above IP with a Windoze machine with our address in
>their Shithouse Distress address book and it's badly infected.
>
>If you recognize the above IP (doesn't reverse), please tell the luser
>to disconnect.
>
>Thanx,
>
>
>
>David A. Bandel
>
>
I suppose you could send an email to nick at cpanel.net and see if you get
a response?
Port 25 tells me the host name is mx1.cpanel.net, and so does most other stuff.
The SOA for that domain is:
dig -t soa mx1.cpanel.net
;; QUESTION SECTION:
;mx1.cpanel.net. IN SOA
;; AUTHORITY SECTION:
cpanel.net. 10800 IN SOA w.cpanel.net. nick.cpanel.net. 2005061301 28808 7200 3600000 86400
telnet 69.90.250.26 25
Trying 69.90.250.26...
Connected to 69.90.250.26 (69.90.250.26).
Escape character is '^]'.
220-mx1.cpanel.net ESMTP Exim 4.51 #0 Wed, 22 Jun 2005 19:18:08 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
nmap 69.90.250.26
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-06-23 08:41 EST
Interesting ports on 69.90.250.26:
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
26/tcp open unknown
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
6666/tcp open irc-serv
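
Added example, not part of the original message: the reply above reads the contact "nick at cpanel.net" out of the SOA record's RNAME field and the host name out of the SMTP greeting, and this sketch does the same over the quoted outputs. It goes slightly beyond the message by handling escaped dots in RNAME and by adding the RFC 2142 role mailboxes abuse@ and postmaster@; the function names are this example's own.

```python
import re

# Constructed inputs: the outputs quoted in the message above, with the
# wrapped SOA record rejoined onto one line.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;mx1.cpanel.net. IN SOA
;; AUTHORITY SECTION:
cpanel.net. 10800 IN SOA w.cpanel.net. nick.cpanel.net. 2005061301 28808 7200 3600000 86400
"""
BANNER = """\
220-mx1.cpanel.net ESMTP Exim 4.51 #0 Wed, 22 Jun 2005 19:18:08 -0400
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
"""

def rname_to_mailbox(rname):
    """SOA RNAME -> mailbox: the first unescaped dot stands for '@' (RFC 1035)."""
    m = re.match(r"((?:\\.|[^.\\])+)\.(.+?)\.?$", rname)
    if not m:
        raise ValueError(f"not a usable RNAME: {rname!r}")
    local = re.sub(r"\\(.)", r"\1", m.group(1))  # "john\.doe" -> "john.doe"
    return f"{local}@{m.group(2)}"

def parse_soa(dig_text):
    """Return (zone, mname, rname) from the first SOA record line in dig output."""
    for line in dig_text.splitlines():
        f = line.split()
        if not f or f[0].startswith(";") or "SOA" not in f:
            continue  # skip blank lines, dig comments and the echoed question
        i = f.index("SOA")
        if len(f) >= i + 8:  # mname rname serial refresh retry expire minimum
            return f[0].rstrip(".").lower(), f[i + 1], f[i + 2]
    raise ValueError("no SOA record found")

def banner_host(banner):
    """Host name the server claims in its 220 greeting (self-declared, unverified)."""
    m = re.match(r"220[ -](\S+)", banner)
    if not m:
        raise ValueError("no 220 greeting")
    return m.group(1).rstrip(".").lower()

def report_contacts(banner, dig_text):
    host = banner_host(banner)
    zone, _mname, rname = parse_soa(dig_text)
    # Use the zone's contacts only if the claimed host actually sits inside it.
    in_zone = host == zone or host.endswith("." + zone)
    contacts = [rname_to_mailbox(rname), f"abuse@{zone}", f"postmaster@{zone}"]
    return {"host": host, "zone": zone, "host_in_zone": in_zone, "contacts": contacts}

if __name__ == "__main__":
    print(report_contacts(BANNER, DIG_OUTPUT))
```

The greeting is whatever the server chooses to say, so the host_in_zone flag is only a consistency check between the two outputs, not proof of who operates the address.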