Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Paul T.C.Fung on June 24, 2003, 09:55:05 AM
-
Dear All,
Just found out that someone is using my SME 5.5 box (Update6) to line up a "DOS UDP echo+chargen bomb" attack to an IP.
They are coming from many different IPs and via my SME 5.5 box change to an IP for a DDoS attack.
I have Snort+Guardian installed and can see the attack, but have no idea how to stop them. (Looks like Guardian is not stopping them, and if Guardian stops them they just change the IP.....)
At first I thought SME had quite good security, but now I am a little bit upset..... or maybe I have done something wrong.......
Please help, as I do not want my SME server to attack anyone on the net......
Best Regards,
Paul T.C.Fung
-
You better report this to smesecurity@mitel.com.
-
Paul T.C.Fung wrote:
>
> Dear All,
>
> Just found out that someone is using my SME 5.5 box
> (Update6) to line up a "DOS UDP echo+chargen bomb" attack to
> an IP,
> [...]
As Michiel said, all security concerns with the SME Server should be
addressed to smesecurity@mitel.com, and only there.
The echo and chargen services are not, and have never been, enabled
in the SMEServer configuration.
Thanks,
Gordon
-
Thanks for the advice. I have been talking to "smesecurity@mitel.com" and they are helping me now, thanks !!
Best regards,
Paul
-
Thanks all !!
This case is at last solved; it was quite a mistake made by my ISP, who said that my server was doing DDoS to others.
The truth is: 2 of my unused IPs were hijacked by some ..... "Bad Guys" in Europe (that is where all the traceroutes end up....) who used them to attack someone.... also in Europe. The SME server is not doing any attack but is only being attacked by them. That is where all these attack records come from.
Sorry for the message posted, as I was in a "User Panic" and seeking help here.
Also thanks for the help that made me feel the good side of the community !!
Again, Thanks !!
Best Regards,
Paul T.C.Fung