Author Topic: DNS and sendmail logs... could an expert take a look and assess them? (Read 4592 times)


sharbui

Here is what BIND logged:
Code:

Dec 26 20:43:38 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.3#53
Dec 26 20:43:38 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.2#53
Dec 26 20:43:48 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.3#53
Dec 26 20:43:48 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.2#53
Dec 26 20:43:52 firewall3 named[484]: lame server resolving 'ns2.rotld.ro' (in 'rotld.ro'?): 194.105.16.1#53
Dec 26 20:43:52 firewall3 named[484]: lame server resolving 'ns3.rotld.ro' (in 'rotld.ro'?): 194.105.16.1#53
Dec 26 20:43:52 firewall3 named[484]: lame server resolving 'ns4.rotld.ro' (in 'rotld.ro'?): 194.105.16.1#53
Dec 26 20:43:52 firewall3 named[484]: lame server resolving 'ns1.rotld.ro' (in 'rotld.ro'?): 194.105.16.1#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns2.rotld.ro' (in 'rotld.ro'?): 194.105.16.254#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns3.rotld.ro' (in 'rotld.ro'?): 194.105.16.254#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns4.rotld.ro' (in 'rotld.ro'?): 194.105.16.254#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns1.rotld.ro' (in 'rotld.ro'?): 194.105.16.254#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns1.rotld.ro' (in 'rotld.ro'?): 192.162.16.18#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns2.rotld.ro' (in 'rotld.ro'?): 192.162.16.18#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns3.rotld.ro' (in 'rotld.ro'?): 192.162.16.18#53
Dec 26 20:43:53 firewall3 named[484]: lame server resolving 'ns4.rotld.ro' (in 'rotld.ro'?): 192.162.16.18#53
Dec 26 20:43:55 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.3#53
Dec 26 20:43:55 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.2#53
Dec 26 20:44:01 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.2#53
Dec 26 20:44:01 firewall3 named[484]: lame server resolving '7.136.116.210.in-addr.arpa' (in '136.116.210.in-addr.arpa'?): 211.115.194.3#53
Dec 26 20:45:05 firewall3 named[484]: lame server resolving '2.123.195.81.in-addr.arpa' (in '123.195.81.in-addr.arpa'?): 212.188.8.37#53
Dec 26 20:45:06 firewall3 named[484]: lame server resolving '2.123.195.81.in-addr.arpa' (in '123.195.81.in-addr.arpa'?): 195.34.32.83#53
Dec 26 20:45:09 firewall3 named[484]: lame server resolving '2.123.195.81.in-addr.arpa' (in '123.195.81.in-addr.arpa'?): 212.188.8.37#53
Dec 26 20:45:09 firewall3 named[484]: lame server resolving '2.123.195.81.in-addr.arpa' (in '123.195.81.in-addr.arpa'?): 195.34.32.83#53


Here are the mass virus mails sent out through sendmail:
Code:

Dec 26 21:07:55 firewall3 sendmail[4894]: kBQD7sX6004894: from=<abuse@公司.com.tw>, size=1120, class=0, nrcpts=1, msgid=<200612261307.kBQD7sX6004894@firewall3.公司.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-212-129.dynamic.hinet.net [125.232.212.129]
Dec 26 21:07:55 firewall3 sendmail[4901]: kBQD7tXE004901: from=<abuse@公司.com.tw>, size=1522, class=0, nrcpts=1, msgid=<200612261307.kBQD7sX6004894@firewall3.公司.com.tw>, relay=root@localhost
Dec 26 21:54:36 firewall3 sendmail[23361]: kBQDsW2E023361: from=<abuse@公司.com.tw>, size=1116, class=0, nrcpts=1, msgid=<200612261354.kBQDsW2E023361@firewall3.公司.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-214-48.dynamic.hinet.net [125.232.214.48]
Dec 26 21:54:36 firewall3 sendmail[23359]: kBQDsWwv023359: from=<abuse@公司.com.tw>, size=1118, class=0, nrcpts=1, msgid=<200612261354.kBQDsWwv023359@firewall3.公司.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-214-48.dynamic.hinet.net [125.232.214.48]
Dec 26 21:54:36 firewall3 sendmail[23362]: kBQDsWGH023362: from=<abuse@公司.com.tw>, size=1132, class=0, nrcpts=1, msgid=<200612261354.kBQDsWGH023362@firewall3.公司.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-214-48.dynamic.hinet.net [125.232.214.48]
Dec 26 21:54:38 firewall3 sendmail[23397]: kBQDscFr023397: from=<abuse@公司.com.tw>, size=1538, class=0, nrcpts=1, msgid=<200612261354.kBQDsWGH023362@firewall3.公司.com.tw>, relay=root@localhost
Dec 26 21:54:38 firewall3 sendmail[23398]: kBQDscl0023398: from=<abuse@公司.com.tw>, size=1514, class=0, nrcpts=1, msgid=<200612261354.kBQDsW2E023361@firewall3.公司.com.tw>, relay=root@localhost


He used a non-existent user to send the virus mail, and it infected machines internally...
Could it have come in through sendmail?

Please advise, everyone. Thanks.
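Added example, not from the original post: a small log scan that picks out the pattern visible in the sendmail lines above, a sender claiming the site's own domain but delivered from an external relay, and optionally a sender user that has no local mailbox. The domain `example-corp.com.tw`, the local user set and the trusted network are assumptions standing in for the poster's real values; the sample lines are constructed from the post with the domain substituted.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines, modelled on the sendmail entries in the post
# (the redacted company domain replaced by the placeholder example-corp.com.tw).
SAMPLE_LOG = """\
Dec 26 21:07:55 firewall3 sendmail[4894]: kBQD7sX6004894: from=<abuse@example-corp.com.tw>, size=1120, class=0, nrcpts=1, msgid=<200612261307.kBQD7sX6004894@firewall3.example-corp.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-212-129.dynamic.hinet.net [125.232.212.129]
Dec 26 21:07:55 firewall3 sendmail[4901]: kBQD7tXE004901: from=<abuse@example-corp.com.tw>, size=1522, class=0, nrcpts=1, msgid=<200612261307.kBQD7sX6004894@firewall3.example-corp.com.tw>, relay=root@localhost
Dec 26 21:54:36 firewall3 sendmail[23361]: kBQDsW2E023361: from=<abuse@example-corp.com.tw>, size=1116, class=0, nrcpts=1, msgid=<200612261354.kBQDsW2E023361@firewall3.example-corp.com.tw>, proto=ESMTP, daemon=MTA, relay=125-232-214-48.dynamic.hinet.net [125.232.214.48]
"""

LOCAL_DOMAIN = "example-corp.com.tw"            # assumption: the site's own mail domain
LOCAL_USERS = {"postmaster", "root", "alice"}   # assumption: mailboxes that really exist ("abuse" does not, per the post)
TRUSTED_NETS = [ip_network("192.0.2.0/24")]     # assumption: internal networks allowed to send as LOCAL_DOMAIN

# One regex for the "from=" line: queue id, envelope sender, relay host and, when present, its IP.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<(?P<sender>[^>]*)>.*?"
    r"relay=(?P<relay>\S+)(?: \[(?P<ip>[\d.]+)\])?"
)

def parse_line(line):
    """Return the parsed fields of a sendmail 'from=' line, or None for other lines."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def suspicious(entry):
    """List the reasons an entry looks like a forged local-domain sender (empty list if it looks fine)."""
    reasons = []
    user, _, domain = entry["sender"].rpartition("@")
    if domain.lower() != LOCAL_DOMAIN:
        return reasons                      # foreign sender domain: not what this check is about
    if entry["ip"] is None:
        return reasons                      # relay=root@localhost: injected locally (e.g. the second queue entry)
    if not any(ip_address(entry["ip"]) in net for net in TRUSTED_NETS):
        reasons.append("local-domain sender accepted from external relay")
    if user.lower() not in LOCAL_USERS:
        reasons.append("sender user has no local mailbox")
    return reasons

def scan(log_text):
    """Map queue id -> reasons for every flagged 'from=' entry in the log text."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and suspicious(entry):
            flagged[entry["qid"]] = suspicious(entry)
    return flagged

if __name__ == "__main__":
    for qid, reasons in scan(SAMPLE_LOG).items():
        print(qid, "->", "; ".join(reasons))
```

Entries that hit the first reason are the ones where an outside host (here a dynamic hinet.net address) handed the MTA a message already carrying the local domain as sender, which is the case that SMTP AUTH or a sender/relay restriction is meant to stop.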

redjack

Re: DNS and sendmail logs... could an expert take a look and assess them?
« Reply #1 on: 2007-01-16 12:36 »
Just a guess on my part:

Could it be because there is no authentication?

Please don't hit me if I'm wrong…
Knowledge is Power