Koozali.org: home of the SME Server

Hack Attempt ???

RedBeard
« on: July 12, 2005, 06:13:02 PM »
Hi All,

I was looking at my logs on my SME 6.01 server and the /var/log/message log had the following:

Jul 12 08:30:24 server oidentd[11866]: [jet7.hasweb.com] Successful lookup: 57959 , 25 : qmailr (qmailr)
Jul 12 08:35:00 server ucd-snmp[2688]: Connection from 127.0.0.1
Jul 12 08:35:00 server ucd-snmp[2688]: Connection from 127.0.0.1
Jul 12 08:36:59 server oidentd[12300]: Connection from server.elpaso.net (208.169.36.11):29942
Jul 12 08:36:59 server oidentd[12300]: [server.elpaso.net] Successful lookup: 57979 , 25 : qmailr (qmailr)
Jul 12 08:40:00 server ucd-snmp[2688]: Connection from 127.0.0.1
Jul 12 08:45:00 server last message repeated 8 times
Jul 12 08:56:59 server oidentd[13756]: Connection from server.elpaso.net (208.169.36.11):34894
Jul 12 08:56:59 server oidentd[13756]: [server.elpaso.net] Successful lookup: 58406 , 25 : qmailr (qmailr)
Jul 12 09:00:00 server ucd-snmp[2688]: Connection from 127.0.0.1

Is this a hack attempt or is this another server verifying a valid email server?  I don’t remember seeing this before, but I noticed that for one of the sites an email was sent thru my system to that particular server.

Thanks, :-)
Kevin
............

CharlieBrady
Re: Hack Attempt ???
« Reply #1 on: July 12, 2005, 11:36:06 PM »
Quote from: "RedBeard"

I was looking at my logs on my SME 6.01 server and the /var/log/message log had the following:

Jul 12 08:30:24 server oidentd[11866]: [jet7.hasweb.com] Successful lookup: 57959 , 25 : qmailr (qmailr)


That just means that your server sent mail to jet7.hasweb.com, and their mail program asked your server which uid was connecting to it.

Your server intercepts outgoing mail, so it could have been any of your workstations which generated the mail message.

Quote

Jul 12 08:35:00 server ucd-snmp[2688]: Connection from 127.0.0.1


You have some contrib installed which uses SNMP.


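The reading given in the reply above can be turned into a small log triage script. This is an added example, not part of the original thread and not SME Server's own code. It assumes `qmailr` is the account that owns outbound SMTP connections and that loopback SNMP connections come from a local poller; the last three sample lines are constructed for contrast.

```python
import ipaddress
import re

MAIL_USER = "qmailr"  # assumption: account owning outbound SMTP connections (as in the log)
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$")
IDENT = re.compile(r"^\[(?P<peer>[^\]]+)\] Successful lookup: "
                   r"(?P<lport>\d+) , (?P<rport>\d+) : (?P<user>\S+)")
CONN = re.compile(r"^Connection from (?P<src>\S+)")

def classify(line):
    """Return (verdict, reason); verdict is expected, info, review or unparsed."""
    m = LINE.match(line)
    if not m:
        return ("unparsed", "no program[pid] tag, e.g. 'last message repeated'")
    prog, msg = m["prog"], m["msg"]
    if prog == "oidentd":
        hit = IDENT.match(msg)
        if hit is None:
            return ("info", "ident query received") if CONN.match(msg) else ("review", msg)
        # RFC 1413 order: our local port first, then the port on the querying host.
        if int(hit["rport"]) == 25 and hit["user"] == MAIL_USER:
            return ("expected", f"{hit['peer']} checked ident for our outbound SMTP")
        return ("review", f"{hit['peer']} learned user {hit['user']} on port {hit['rport']}")
    if prog == "ucd-snmp":
        hit = CONN.match(msg)
        if hit:
            try:
                local = ipaddress.ip_address(hit["src"]).is_loopback
            except ValueError:  # source logged as a hostname, not an address
                local = False
            if local:
                return ("expected", "local SNMP poller")
            return ("review", f"SNMP connection from {hit['src']}")
    return ("review", msg)

SAMPLE = [
    # Lines taken from the post above.
    "Jul 12 08:30:24 server oidentd[11866]: [jet7.hasweb.com] Successful lookup: 57959 , 25 : qmailr (qmailr)",
    "Jul 12 08:35:00 server ucd-snmp[2688]: Connection from 127.0.0.1",
    "Jul 12 08:36:59 server oidentd[12300]: Connection from server.elpaso.net (208.169.36.11):29942",
    "Jul 12 08:45:00 server last message repeated 8 times",
    # Constructed lines: ident lookup for a non-mail connection, non-loopback SNMP.
    "Jul 12 09:10:00 server oidentd[14001]: [host.example.net] Successful lookup: 40112 , 6667 : alice (alice)",
    "Jul 12 09:11:00 server ucd-snmp[2688]: Connection from 192.0.2.50",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry)[0]:9} {entry}")
```

Lines marked `review` are the ones worth a closer look: an ident answer that names an ordinary user account, or SNMP queries arriving from somewhere other than the server itself.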

RedBeard
Thanks
« Reply #2 on: July 13, 2005, 04:22:16 PM »
Thanks Charlie  

I had never seen this before and Google didn't help narrow it down for me, and yes, I have MRTG running, so that is the SNMP traffic.

Kevin
............