Re: [Nolug] Security problem?

From: Joey Kelly <geek_at_joeykelly.net>
Date: 17 Oct 2002 11:17:29 +0000
Message-Id: <1034853450.116.38.camel@octopus>

Well, let's see. If that is your IP, you don't have a firewall running,
as evidenced below. Also, you are quite possibly h4z0r3d.

I'd find out, and reinstall from scratch. Before I did that, I'd put up
a firewall. All it takes is an old 486 and a couple of NICs, running
either freesco or the netbsd firewall.

jkelly@octopus:~/programs/> nmap 66.157.2.42

Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on adsl-157-2-42.msy.bellsouth.net (66.157.2.42):
(The 1538 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
139/tcp open netbios-ssn
443/tcp open https
3306/tcp open mysql
5902/tcp open vnc-2
6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 6 seconds

--Joey

On Thu, 2002-10-17 at 16:13, Chuck wrote:
> I have a Linux machine connected directly to the internet which is
> running qmail. The other day I got a bounced bounce message to some
> e-mail address at yahoo.com. I have no idea who this person is. Anyone
> familiar with how this person got this e-mail message sent and how they
> managed to insert details about my machine into the e-mail? I don't have
> an open mail relay.
>
> --- Below this line is a copy of the message.
>
> Return-Path: <anonymous@michoud.com>
> Received: (qmail 21624 invoked by uid 48); 13 Oct 2002 23:38:52 -0000
> Date: 13 Oct 2002 23:38:52 -0000
> Message-ID: <20021013233852.21622.qmail@michoud.com>
> From: anonymous@michoud.com
> To: cinik_worm@yahoo.com
> Subject: 192.168.0.1
>
> PROC
> processor : 0
> vendor_id : GenuineIntel
> cpu family : 6
> model : 7
> model name : Pentium III (Katmai)
> stepping : 3
> cpu MHz : 598.406
> cache size : 512 KB
> fdiv_bug : no
> hlt_bug : no
> f00f_bug : no
> coma_bug : no
> fpu : yes
> fpu_exception : yes
> cpuid level : 2
> wp : yes
> flags : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 mmx fxsr sse
> bogomips : 1192.75
>
> MEM
>              total       used       free     shared    buffers     cached
> Mem:        384468     380912       3556         72     144292     119916
> -/+ buffers/cache:     116704     267764
> Swap:      1565376          0    1565376
> HDD
> Filesystem Size Used Avail Use% Mounted on
> /dev/hda2 2.2G 1.5G 668M 69% /
> /dev/hda1 49M 5.9M 41M 13% /boot
> /dev/hdb1 15G 6.4G 8.0G 45% /home
> /dev/hdb2 2.9G 534M 2.2G 20% /var
> none 188M 0 187M 0% /dev/shm
> IP
> eth0 Link encap:Ethernet HWaddr 00:E0:29:06:BC:BF
> inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:928799 errors:1 dropped:0 overruns:0 frame:0
> TX packets:820862 errors:3 dropped:0 overruns:0 carrier:3
> collisions:0 txqueuelen:100
> RX bytes:117780318 (112.3 Mb) TX bytes:293833047 (280.2 Mb)
> Interrupt:9
>
> eth1 Link encap:Ethernet HWaddr 00:10:4B:DA:2A:17
> inet addr:66.157.2.42 Bcast:66.157.3.255 Mask:255.255.252.0
> UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
> RX packets:754829 errors:0 dropped:0 overruns:0 frame:0
> TX packets:870938 errors:0 dropped:0 overruns:0 carrier:0
> collisions:67 txqueuelen:100
> RX bytes:230141475 (219.4 Mb) TX bytes:107115112 (102.1 Mb)
> Interrupt:5 Base address:0x280 DMA chan:3
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> ___________________
> Nolug mailing list
> nolug@nolug.org

-- 
Joey Kelly
Linux consultant in New Orleans, Louisiana, USA
http://kellynet.dhs.org
---
Alcohol and Calculus don't mix. Never drink and derive.
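An added example, not part of Joey's or Chuck's messages: a small parser for the legacy nmap "Port State Service" listing quoted above that flags open services a defender would not expect to see reachable on an internet-facing host. The allow-list of services and the embedded copy of the scan text are assumptions constructed for the example; adjust the allow-list to the host's actual role.

```python
# Added example (not from the original thread): parse nmap 2.54-style
# output and report open services that should not face the internet.
import re
from typing import Dict, List, Tuple

# Services a mail/web/DNS host might legitimately expose. Anything else
# that is open gets flagged. This policy is an assumption for the example.
INTERNET_ALLOWED = {"ssh", "smtp", "http", "https", "domain"}

# Constructed copy of the scan result quoted in the thread.
SAMPLE_SCAN = """\
Starting nmap V. 2.54BETA30 ( www.insecure.org/nmap/ )
Interesting ports on adsl-157-2-42.msy.bellsouth.net (66.157.2.42):
(The 1538 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
139/tcp open netbios-ssn
443/tcp open https
3306/tcp open mysql
5902/tcp open vnc-2
6000/tcp open X11
"""

# One port line: "<port>/<proto> <state> <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)$")


def parse_ports(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, proto, state, service) for every port line found."""
    found = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return found


def exposed_services(text: str, allowed=INTERNET_ALLOWED) -> Dict[int, str]:
    """Open services not on the allow-list, keyed by port number."""
    return {
        port: service
        for port, _proto, state, service in parse_ports(text)
        if state == "open" and service not in allowed
    }
```

With the allow-list above, the scan in the thread yields six flagged services (ftp, pop-3, netbios-ssn, mysql, vnc-2, X11), which is the kind of exposure a host firewall or a separate filtering box would normally hide from the outside.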
Received on 10/17/02

This archive was generated by hypermail 2.2.0 : 12/19/08 EST