[Question] root keeps sending me mail like this. ㅠ.ㅠ

zaru wrote:

root sent me mail with the following content.

Quote:
Subject : galaxy 10/05/04:07.01 ACTIVE SYSTEM ATTACK!
Body :
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Oct 5 06:08:38 galaxy sendmail[15643]: i94L8ZHJ015643: [222.183.143.180]: possible SMTP attack: command=AUTH, count=4

Security Violations
=-=-=-=-=-=-=-=-=-=
Oct 5 06:04:27 galaxy sendmail[15626]: i94L4RHJ015626: [211.194.88.28] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 06:06:05 galaxy sendmail[15634]: i94L65HJ015634: ruleset=check_rcpt, arg1=<pjy@mydomain.co.kr>, relay=[61.75.4.240], reject=550 5.2.1 <pjy@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:08:26 galaxy sendmail[15642]: i94L8OHJ015642: ruleset=check_rcpt, arg1=<moneyhunter99@hanmail.net>, relay=[222.101.102.208], reject=550 5.7.1 <moneyhunter99@hanmail.net>... Relaying denied. IP name lookup failed [222.101.102.208]
Oct 5 06:08:38 galaxy sendmail[15643]: i94L8ZHJ015643: [222.183.143.180]: possible SMTP attack: command=AUTH, count=4
Oct 5 06:09:11 galaxy sendmail[15643]: i94L8ZHJ015643: [222.183.143.180] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
........................
Oct 5 06:58:45 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<brian@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <brian@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:58:46 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:58:46 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<pjy@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <pjy@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:58:46 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 07:00:29 galaxy sendmail[15820]: i94M0SHJ015820: ruleset=check_rcpt, arg1=<hgkong@mydomain.co.kr>, relay=[218.54.227.119], reject=550 5.2.1 <hgkong@mydomain.co.kr>... Mailbox disabled for this recipient


After that it keeps sending mail like the following. What is going on with the server, and what should I do about it?
Quote:
Subject : galaxy 10/05/04:15.01 system check
Body :

Security Violations
=-=-=-=-=-=-=-=-=-=
Oct 5 14:01:30 galaxy sendmail[19482]: i9551UHJ019482: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[220.76.136.103], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:02:02 galaxy sendmail[19493]: i95522HJ019493: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[220.76.136.103], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:04:41 galaxy sendmail[19546]: i9554fHJ019546: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[222.101.15.38], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:25:06 galaxy sendmail[19696]: i955P6HJ019696: ruleset=check_rcpt, arg1=<pjy@mydomain.co.kr>, relay=[218.1.160.161], reject=550 5.2.1 <pjy@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:29:03 galaxy sendmail[19705]: i955T3HJ019705: 203-204-17-34.adsl.static.giga.net.tw [203.204.17.34] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 14:33:01 galaxy sendmail[19724]: i955X1HJ019724: ruleset=check_rcpt, arg1=<search@mydomain.co.kr>, relay=[220.117.17.230], reject=550 5.2.1 <search@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:39:16 galaxy sendmail[19731]: i955dGHJ019731: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[218.36.232.74], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:45:47 galaxy sendmail[19874]: i955jkHJ019874: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[211.222.250.210], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:45:47 galaxy sendmail[19874]: i955jkHJ019874: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[211.222.250.210], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:54:07 galaxy sendmail[19911]: i955s6HJ019911: [222.101.92.75] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 14:54:57 galaxy sendmail[19912]: i955srHJ019912: ruleset=check_rcpt, arg1=<hgkong@mydomain.co.kr>, relay=[220.93.72.196], reject=550 5.2.1 <hgkong@mydomain.co.kr>... Mailbox disabled for this recipient

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Oct 5 14:04:59 galaxy popper[19548]: gethostby*.getanswer: asked for "localhost", got "realname"
Oct 5 14:05:11 galaxy popper[19549]: gethostby*.getanswer: asked for "localhost", got "realname"
Oct 5 14:44:37 galaxy popper[19870]: gethostby*.getanswer: asked for "localhost", got "realname"
Oct 5 14:44:42 galaxy popper[19872]: gethostby*.getanswer: asked for "localhost", got "realname"
Oct 5 14:04:59 galaxy xinetd[544]: START: pop3 pid=19548 from=211.219.40.222
Oct 5 14:05:10 galaxy xinetd[544]: START: pop3 pid=19549 from=211.219.40.222
Oct 5 14:44:37 galaxy xinetd[544]: START: pop3 pid=19870 from=211.219.40.222
Oct 5 14:44:42 galaxy xinetd[544]: START: pop3 pid=19872 from=211.219.40.222
Oct 5 14:01:00 galaxy sendmail[19475]: makeconnection: service "smtp" unknown
Oct 5 14:01:30 galaxy sendmail[19482]: i9551UHJ019482: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[220.76.136.103], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:02:02 galaxy sendmail[19493]: i95522HJ019493: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[220.76.136.103], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:03:21 galaxy sendmail[19494]: i9552tHJ019494: <finback@inus.co.kr>... User unknown
Oct 5 14:04:40 galaxy sendmail[19528]: i9554dHJ019528: <dada@inus.co.kr>... User unknown
Oct 5 14:04:41 galaxy sendmail[19546]: i9554fHJ019546: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[222.101.15.38], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:04:59 galaxy popper[19548]: [drac]: dracauth returned -1: localhost: RPC: Unknown host
Oct 5 14:05:01 galaxy popper[19548]: Stats: keeper 42 118339 8 131408 211.219.40.222 211.219.40.222
Oct 5 14:05:11 galaxy popper[19549]: [drac]: dracauth returned -1: localhost: RPC: Unknown host
Oct 5 14:05:12 galaxy popper[19549]: Stats: kpryu 5 379990 124 4357049 211.219.40.222 211.219.40.222
Oct 5 14:06:49 galaxy sendmail[19556]: i9556ZHJ019556: <finback@inus.co.kr>... User unknown
Oct 5 14:06:50 galaxy sendmail[19556]: i9556ZHJ019556: <vivo@inus.co.kr>... User unknown
Oct 5 14:15:55 galaxy sendmail[19635]: i955FtHJ019635: <vivo@inus.co.kr>... User unknown
Oct 5 14:18:36 galaxy sendmail[19672]: i955IaHJ019672: <vivo@inus.co.kr>... User unknown
Oct 5 14:20:29 galaxy sendmail[19675]: i955KSHJ019675: <vivo@inus.co.kr>... User unknown
Oct 5 14:20:52 galaxy sendmail[19680]: i955KpHJ019680: <vivo@inus.co.kr>... User unknown
Oct 5 14:24:09 galaxy sendmail[19686]: i955O8HJ019686: <finback@inus.co.kr>... User unknown
Oct 5 14:25:06 galaxy sendmail[19696]: i955P6HJ019696: ruleset=check_rcpt, arg1=<pjy@mydomain.co.kr>, relay=[218.1.160.161], reject=550 5.2.1 <pjy@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:28:22 galaxy sendmail[19698]: i955SMHJ019698: <finback@inus.co.kr>... User unknown
Oct 5 14:28:31 galaxy sendmail[19700]: i955SVHJ019700: <finback@inus.co.kr>... User unknown
Oct 5 14:29:03 galaxy sendmail[19705]: i955T3HJ019705: 203-204-17-34.adsl.static.giga.net.tw [203.204.17.34] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 14:32:03 galaxy sendmail[19720]: i955W2HJ019720: <finback@inus.co.kr>... User unknown
Oct 5 14:33:01 galaxy sendmail[19724]: i955X1HJ019724: ruleset=check_rcpt, arg1=<search@mydomain.co.kr>, relay=[220.117.17.230], reject=550 5.2.1 <search@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:35:43 galaxy sendmail[19728]: i955ZgHJ019728: <finback@inus.co.kr>... User unknown
Oct 5 14:39:16 galaxy sendmail[19731]: i955dGHJ019731: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[218.36.232.74], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:44:37 galaxy popper[19870]: [drac]: dracauth returned -1: localhost: RPC: Unknown host
Oct 5 14:44:38 galaxy popper[19870]: Stats: keeper 0 0 12 138868 211.219.40.222 211.219.40.222
Oct 5 14:44:42 galaxy popper[19872]: [drac]: dracauth returned -1: localhost: RPC: Unknown host
Oct 5 14:44:42 galaxy popper[19872]: Stats: kpryu 0 0 124 4357071 211.219.40.222 211.219.40.222
Oct 5 14:44:55 galaxy sendmail[19873]: i955itHJ019873: <finback@inus.co.kr>... User unknown
Oct 5 14:45:47 galaxy sendmail[19874]: i955jkHJ019874: ruleset=check_rcpt, arg1=<daniel@mydomain.co.kr>, relay=[211.222.250.210], reject=550 5.2.1 <daniel@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:45:47 galaxy sendmail[19874]: i955jkHJ019874: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[211.222.250.210], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:48:00 galaxy sendmail[19885]: i955m0HJ019885: <vivo@inus.co.kr>... User unknown
Oct 5 14:49:44 galaxy sendmail[19888]: i955nhHJ019888: <vivo@inus.co.kr>... User unknown
Oct 5 14:54:07 galaxy sendmail[19911]: i955s6HJ019911: [222.101.92.75] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 14:54:57 galaxy sendmail[19912]: i955srHJ019912: ruleset=check_rcpt, arg1=<hgkong@mydomain.co.kr>, relay=[220.93.72.196], reject=550 5.2.1 <hgkong@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:55:29 galaxy sendmail[19914]: i955tTHJ019914: <18b529948@galaxy.co.kr>... User unknown
Oct 5 14:55:51 galaxy sendmail[19915]: i955tpHJ019915: <614849@galaxy.co.kr>... User unknown
Oct 5 14:57:43 galaxy sendmail[19917]: i955vhHJ019917: <18b529948@galaxy.co.kr>... User unknown
Oct 5 14:58:03 galaxy sendmail[19918]: i955w2HJ019918: <614849@galaxy.co.kr>... User unknown


It is RH9, running DNS, Mail and Web.

Thank you.

sodomau wrote:

I don't know for sure either, but

looking at the log contents,

it seems someone else is trying to relay mail through your system.

It's the bad guys -_- trying to send spam through somebody else's machine.

It looks like the rulesets are configured and are filtering all of that out fine.

I don't think you need to worry much.
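As an added example that is not part of this thread: a small Python classifier that parses the sendmail lines from the reports above (the three section headings, "Active System Attack Alerts", "Security Violations" and "Unusual System Events", are logcheck's) and sorts them into the same buckets the reply describes, so the "everything is being rejected" reading can be checked line by line instead of by eye. The sample lines are copied from the post, with the popper line and the `service "smtp" unknown` line added to show what gets skipped or left unclassified. The queue-ID shape it expects (8 characters plus a 6-digit pid) is sendmail 8.12's, as in the post; the `repeat_offenders` threshold is an arbitrary choice of mine.

```python
import re
from collections import Counter

# Sample input: lines copied from the logcheck reports quoted above, plus one
# popper line and one sendmail line without a queue ID (both also from the post).
SAMPLE_LOG = """\
Oct 5 06:08:38 galaxy sendmail[15643]: i94L8ZHJ015643: [222.183.143.180]: possible SMTP attack: command=AUTH, count=4
Oct 5 06:04:27 galaxy sendmail[15626]: i94L4RHJ015626: [211.194.88.28] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 06:06:05 galaxy sendmail[15634]: i94L65HJ015634: ruleset=check_rcpt, arg1=<pjy@mydomain.co.kr>, relay=[61.75.4.240], reject=550 5.2.1 <pjy@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:08:26 galaxy sendmail[15642]: i94L8OHJ015642: ruleset=check_rcpt, arg1=<moneyhunter99@hanmail.net>, relay=[222.101.102.208], reject=550 5.7.1 <moneyhunter99@hanmail.net>... Relaying denied. IP name lookup failed [222.101.102.208]
Oct 5 06:58:45 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<brian@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <brian@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 06:58:46 galaxy sendmail[15815]: i94LwjHJ015815: ruleset=check_rcpt, arg1=<simon@mydomain.co.kr>, relay=[218.17.168.173], reject=550 5.2.1 <simon@mydomain.co.kr>... Mailbox disabled for this recipient
Oct 5 14:29:03 galaxy sendmail[19705]: i955T3HJ019705: 203-204-17-34.adsl.static.giga.net.tw [203.204.17.34] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
Oct 5 14:03:21 galaxy sendmail[19494]: i9552tHJ019494: <finback@inus.co.kr>... User unknown
Oct 5 14:01:00 galaxy sendmail[19475]: makeconnection: service "smtp" unknown
Oct 5 14:04:59 galaxy popper[19548]: [drac]: dracauth returned -1: localhost: RPC: Unknown host
"""

# syslog prefix; the queue ID is optional because some sendmail messages carry none.
# ID shape (8 chars + 6-digit pid) is sendmail 8.12's, assumed from the post.
SENDMAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) sendmail\[(?P<pid>\d+)\]: "
    r"(?:(?P<qid>[A-Za-z0-9]{8}\d{6}): )?(?P<rest>.*)$")
REJECT_RE = re.compile(
    r"ruleset=(?P<ruleset>\w+), arg1=<(?P<rcpt>[^>]*)>, relay=(?P<relay>.*?), "
    r"reject=(?P<code>\d{3}) (?P<dsn>\d\.\d\.\d) <[^>]*>\.\.\. (?P<reason>.*)$")
ATTACK_RE = re.compile(
    r"^(?P<relay>.*?): possible SMTP attack: command=(?P<cmd>\w+), count=(?P<count>\d+)$")
NOCMD_RE = re.compile(
    r"^(?P<relay>.*?) did not issue MAIL/EXPN/VRFY/ETRN during connection to (?P<daemon>\w+)$")
UNKNOWN_RE = re.compile(r"^<(?P<rcpt>[^>]*)>\.\.\. User unknown$")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _ip(relay):
    """Pull the bracketed address out of a sendmail relay= field ('host [ip]' or '[ip]')."""
    m = IP_RE.search(relay)
    return m.group(1) if m else None


def parse_line(line):
    """Return an event dict for one sendmail syslog line, or None for any other daemon."""
    m = SENDMAIL_RE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest")
    ev = {"qid": m.group("qid"), "source_ip": None, "rcpt": None, "class": "other"}
    r = REJECT_RE.match(rest)
    if r:
        ev["rcpt"], ev["source_ip"] = r.group("rcpt"), _ip(r.group("relay"))
        reason = r.group("reason")
        if reason.startswith("Relaying denied"):
            ev["class"] = "relay_denied"       # outsider tried to use us as an open relay; refused
        elif reason.startswith("Mailbox disabled"):
            ev["class"] = "mailbox_disabled"   # mail for a local account that is switched off; bounced
        else:
            ev["class"] = "rejected:" + r.group("dsn")
        return ev
    a = ATTACK_RE.match(rest)
    if a:
        ev["source_ip"] = _ip(a.group("relay"))
        ev["count"] = int(a.group("count"))    # repeated AUTH = password guessing against SMTP AUTH
        ev["class"] = "auth_probe" if a.group("cmd") == "AUTH" else "smtp_probe"
        return ev
    n = NOCMD_RE.match(rest)
    if n:                                      # connected, never sent mail: scanner or broken client
        ev["source_ip"], ev["class"] = _ip(n.group("relay")), "no_mail_cmd"
        return ev
    u = UNKNOWN_RE.match(rest)
    if u:                                      # mail for a local address that does not exist
        ev["rcpt"], ev["class"] = u.group("rcpt"), "user_unknown"
    return ev


def parse_log(text):
    """All sendmail events in a block of syslog text, in order; non-sendmail lines are dropped."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev is not None]


def summarize(events):
    """Counts by class, by remote address, and which disabled mailboxes are being targeted."""
    return {
        "by_class": dict(Counter(e["class"] for e in events)),
        "by_ip": dict(Counter(e["source_ip"] for e in events if e["source_ip"])),
        "disabled_targets": dict(Counter(e["rcpt"] for e in events if e["class"] == "mailbox_disabled")),
    }


def repeat_offenders(events, threshold=2):
    """Remote addresses behind at least `threshold` rejected or probing events (firewall candidates)."""
    by_ip = Counter(e["source_ip"] for e in events if e["source_ip"] and e["class"] != "other")
    return sorted(ip for ip, n in by_ip.items() if n >= threshold)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for cls, n in sorted(summarize(evs)["by_class"].items()):
        print(f"{cls:18s} {n}")
    print("repeat offenders:", repeat_offenders(evs))
```

Every sendmail event in the sample that carries a remote address is a rejection or a probe, which agrees with the reply's reading. Two caveats a practitioner would add: an accepted relay would not appear under check_rcpt at all but as ordinary from=/to= delivery lines, so the decisive check is still an SMTP session from an outside host that tries RCPT TO a foreign domain and gets 550 5.7.1 Relaying denied back; and the lines the classifier leaves as other (service "smtp" unknown) or skips (the popper localhost warnings) point at local service and name-resolution configuration rather than at an attacker, and deserve a separate look.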
