We're seeing the same thing.. Is this normal? 20020609 000244 127.0.0.1 SMTPD (04230230) [192.168.1.200] connect 192.168.1.200 port 2996 20020609 000313 127.0.0.1 SMTPD (queue run) 145 0 34 20020609 000344 127.0.0.1 SMTPD (04250230) [192.168.1.200] connect 192.168.1.200 port 3000 20020609 000444 127.0.0.1 SMTPD (04260230) [192.168.1.200] connect 192.168.1.200 port 3003 20020609 000544 127.0.0.1 SMTPD (04270230) [192.168.1.200] connect 192.168.1.200 port 3006 20020609 000645 127.0.0.1 SMTPD (04280230) [192.168.1.200] connect 192.168.1.200 port 3009 20020609 000745 127.0.0.1 SMTPD (04290230) [192.168.1.200] connect 192.168.1.200 port 3012 20020609 000845 127.0.0.1 SMTPD (042A0230) [192.168.1.200] connect 192.168.1.200 port 3015 20020609 000945 127.0.0.1 SMTPD (042B0230) [192.168.1.200] connect 192.168.1.200 port 3018 20020609 001046 127.0.0.1 SMTPD (042E0230) [192.168.1.200] connect 192.168.1.200 port 3021 20020609 001118 127.0.0.1 SMTPD (042F0230) [192.168.1.209] connect 64.238.245.164 port 1699
looks like a whole lot of connecting going on with nothing happening. Does the SMTP 'ready' ports for action? Possible worm infiltration? ~Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Pepper Sent: Monday, June 10, 2002 8:50 AM - MGMT.TV To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Strange Web Messaging Log Entries Repeated Len, 216.180.13.xxx are *our* addresses. The IP in question is a machine in the building that no one had access to at the time. ----- Original Message ----- From: "Len Conrad" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 10, 2002 7:33 AM Subject: Re: [IMail Forum] Strange Web Messaging Log Entries Repeated > > >We are seeing hundreds of these entries in our logs > > >, coming from web > >messaging on one of our local computers to our mail server. Yet, it doesn't > >appear any messaging is being done? What could this be? > > assume the worst, block that Class C at your edge router > > >20020607 223330 127.0.0.1 IWEBMSG (844) Info - 216.180.13.110 > >Mozilla/4.0 (compatible; MSIE 5.01; Windows 98) GET > >/Xac939d98cbc9c99bc99f721ea7c4/menu.8064.cgi?mbx=Main HTTP/1.1. > >20020607 223330 127.0.0.1 IWEBMSG (844) Request processed with no > >referer and user agent 216.180.13.110. > >20020607 223426 127.0.0.1 SMTPD (0378014E) [216.180.13.2] connect > >216.180.13.2 port 2170 > >20020607 223526 127.0.0.1 SMTPD (0379014E) [216.180.13.2] connect > >216.180.13.2 port 2175 > >20020607 223626 127.0.0.1 SMTPD (037A014E) [216.180.13.2] connect > >216.180.13.2 port 2178 > > dig -x 216.180.13.2 > > ; <<>> DiG 8.3 <<>> -x > ;; res options: init recurs defnam dnsrch > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 > ;; QUERY SECTION: > ;; 2.13.180.216.in-addr.arpa, type = ANY, class = IN > > ;; ANSWER SECTION: > 2.13.180.216.in-addr.arpa. 1D IN PTR ntserve.sharpcom.com. > > ;; AUTHORITY SECTION: > 13.180.216.in-addr.arpa. 1D IN NS ns1.HiWAAY.net. > 13.180.216.in-addr.arpa. 1D IN NS ns2.HiWAAY.net. > > ;; ADDITIONAL SECTION: > ns1.HiWAAY.net. 1D IN A 216.180.99.6 > ns2.HiWAAY.net. 1D IN A 216.180.122.6 > > ;; Total query time: 14500 msec > ;; FROM: mgw1.meiway.com to SERVER: default -- 212.73.210.69 > ;; WHEN: Mon Jun 10 14:31:12 2002 > ;; MSG SIZE sent: 43 rcvd: 155 > > Len > > > www.menandmice.com/DNS-training : DNS Training > BIND8NT.MEIway.com : ISC BIND for NT4 & W2K > IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways > > > Please visit http://www.ipswitch.com/support/mailing-lists.html > to be removed from this list. > > An Archive of this list is available at: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Please visit the Knowledge Base for answers to frequently asked > questions: http://www.ipswitch.com/support/IMail/ > Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/ ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. ___________________________________________________________________ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
