HELP UNDER ATTACK

staboogie · Feb 12, 2004

seems like my mail server is being targeted. i did a nestat on my mail server and saw this

TCP 192.168.10.18:25 4.8.104.83:3329 TIME_WAIT
TCP 192.168.10.18:25 4.47.223.97:2521 TIME_WAIT
TCP 192.168.10.18:25 12.217.237.149:2447 TIME_WAIT
TCP 192.168.10.18:25 12.217.237.149:4874 TIME_WAIT
TCP 192.168.10.18:25 24.1.139.140:4033 TIME_WAIT
TCP 192.168.10.18:25 24.2.23.195:3882 TIME_WAIT
TCP 192.168.10.18:25 24.6.154.100:3814 TIME_WAIT
TCP 192.168.10.18:25 24.10.2.211:4647 TIME_WAIT
TCP 192.168.10.18:25 24.14.74.39:34764 CLOSE_WAIT
TCP 192.168.10.18:25 24.14.74.39:60364 TIME_WAIT
TCP 192.168.10.18:25 24.20.99.218:4688 TIME_WAIT
TCP 192.168.10.18:25 24.20.99.218:4696 CLOSE_WAIT
TCP 192.168.10.18:25 24.20.195.153:60805 TIME_WAIT
TCP 192.168.10.18:25 24.20.195.153:60813 CLOSE_WAIT
TCP 192.168.10.18:25 24.42.162.219:1233 TIME_WAIT
TCP 192.168.10.18:25 24.42.162.219:1259 TIME_WAIT
TCP 192.168.10.18:25 24.83.218.92:4001 CLOSING
TCP 192.168.10.18:25 24.107.145.174:1862 TIME_WAIT
TCP 192.168.10.18:25 24.112.132.39:3494 TIME_WAIT
TCP 192.168.10.18:25 24.112.132.39:3502 TIME_WAIT
TCP 192.168.10.18:25 24.112.132.39:3503 TIME_WAIT
TCP 192.168.10.18:25 24.118.164.74:21073 CLOSING
TCP 192.168.10.18:25 24.125.111.48:1836 TIME_WAIT
TCP 192.168.10.18:25 24.132.206.138:3865 TIME_WAIT
TCP 192.168.10.18:25 24.166.104.95:2532 TIME_WAIT
TCP 192.168.10.18:25 24.174.97.193:4008 TIME_WAIT
TCP 192.168.10.18:25 24.199.192.89:4467 TIME_WAIT
TCP 192.168.10.18:25 24.233.59.242:2941 TIME_WAIT
TCP 192.168.10.18:25 61.34.206.185:1507 TIME_WAIT
TCP 192.168.10.18:25 61.36.37.34:4755 TIME_WAIT
TCP 192.168.10.18:25 61.36.37.34:4882 TIME_WAIT
TCP 192.168.10.18:25 61.36.37.34:4926 TIME_WAIT
TCP 192.168.10.18:25 61.36.37.34:4928 TIME_WAIT
TCP 192.168.10.18:25 61.49.150.12:64679 CLOSING
TCP 192.168.10.18:25 61.53.244.106:1542 TIME_WAIT
TCP 192.168.10.18:25 61.53.244.106:1736 TIME_WAIT
TCP 192.168.10.18:25 61.53.244.106:1737 TIME_WAIT
TCP 192.168.10.18:25 61.101.37.59:1252 TIME_WAIT
TCP 192.168.10.18:25 61.101.37.59:1260 TIME_WAIT
TCP 192.168.10.18:25 61.101.37.59:1261 TIME_WAIT
TCP 192.168.10.18:25 61.111.58.11:4691 CLOSING
TCP 192.168.10.18:25 61.129.70.84:3459 TIME_WAIT
TCP 192.168.10.18:25 61.129.70.84:3461 TIME_WAIT
TCP 192.168.10.18:25 61.129.70.84:3468 TIME_WAIT
TCP 192.168.10.18:25 61.131.59.190:1329 CLOSING
TCP 192.168.10.18:25 61.133.63.113:2333 TIME_WAIT
TCP 192.168.10.18:25 61.134.112.124:2480 TIME_WAIT
TCP 192.168.10.18:25 61.134.112.124:2488 TIME_WAIT
TCP 192.168.10.18:25 61.144.50.85:2316 CLOSING
TCP 192.168.10.18:25 61.144.107.227:2065 CLOSING
TCP 192.168.10.18:25 61.144.182.60:39287 TIME_WAIT
TCP 192.168.10.18:25 61.155.235.194:1696 LAST_ACK
TCP 192.168.10.18:25 61.171.117.118:3832 CLOSING
TCP 192.168.10.18:25 61.172.148.187:3532 TIME_WAIT
TCP 192.168.10.18:25 61.172.148.187:3590 TIME_WAIT
TCP 192.168.10.18:25 61.172.148.187:3604 TIME_WAIT
TCP 192.168.10.18:25 61.172.148.187:3608 CLOSE_WAIT
TCP 192.168.10.18:25 61.177.42.226:1212 CLOSING
TCP 192.168.10.18:25 61.177.42.226:4403 CLOSING
TCP 192.168.10.18:25 61.179.111.146:7738 TIME_WAIT
TCP 192.168.10.18:25 61.179.111.146:12752 TIME_WAIT
TCP 192.168.10.18:25 61.179.111.146:16755 TIME_WAIT
TCP 192.168.10.18:25 61.179.111.146:56967 CLOSE_WAIT
TCP 192.168.10.18:25 61.179.111.146:60220 TIME_WAIT
TCP 192.168.10.18:25 61.187.64.195:28610 CLOSING
TCP 192.168.10.18:25 61.187.64.195:46557 CLOSING
TCP 192.168.10.18:25 61.189.203.10:21028 CLOSING
TCP 192.168.10.18:25 61.189.203.10:21035 CLOSING
TCP 192.168.10.18:25 61.189.203.10:21037 CLOSING
TCP 192.168.10.18:25 62.16.0.172:33004 TIME_WAIT
TCP 192.168.10.18:25 62.16.154.110:2767 TIME_WAIT
TCP 192.168.10.18:25 62.43.34.163:4210 TIME_WAIT
TCP 192.168.10.18:25 62.195.31.92:2896 TIME_WAIT
TCP 192.168.10.18:25 62.197.161.190:2726 CLOSE_WAIT
TCP 192.168.10.18:25 62.248.36.67:2156 TIME_WAIT
TCP 192.168.10.18:25 62.248.36.67:2161 TIME_WAIT
TCP 192.168.10.18:25 62.248.36.67:2164 TIME_WAIT
TCP 192.168.10.18:25 63.228.226.145:25565 TIME_WAIT
TCP 192.168.10.18:25 64.7.202.66:48622 TIME_WAIT
TCP 192.168.10.18:25 64.86.141.176:13254 TIME_WAIT
TCP 192.168.10.18:25 64.86.141.176:13493 TIME_WAIT
TCP 192.168.10.18:25 64.86.141.176:13495 TIME_WAIT
TCP 192.168.10.18:25 65.48.90.155:3589 CLOSING
TCP 192.168.10.18:25 65.96.82.132:2965 TIME_WAIT
TCP 192.168.10.18:25 65.96.82.132:3005 TIME_WAIT
TCP 192.168.10.18:25 66.24.236.10:44677 TIME_WAIT
TCP 192.168.10.18:25 66.24.236.10:44679 TIME_WAIT
TCP 192.168.10.18:25 66.55.169.119:46114 TIME_WAIT
TCP 192.168.10.18:25 66.76.145.135:64579 CLOSING
TCP 192.168.10.18:25 66.103.243.198:49900 ESTABLISHED
TCP 192.168.10.18:25 66.131.224.28:2815 CLOSE_WAIT
TCP 192.168.10.18:25 66.214.208.124:1726 ESTABLISHED
TCP 192.168.10.18:25 66.235.16.143:20543 FIN_WAIT_1
TCP 192.168.10.18:25 66.235.59.8:2076 FIN_WAIT_1
TCP 192.168.10.18:25 66.235.59.8:2183 FIN_WAIT_1
TCP 192.168.10.18:25 66.235.59.8:2269 FIN_WAIT_1
TCP 192.168.10.18:25 67.8.58.224:2629 TIME_WAIT
TCP 192.168.10.18:25 67.164.116.159:4931 TIME_WAIT
TCP 192.168.10.18:25 67.166.57.43:3126 TIME_WAIT
TCP 192.168.10.18:25 67.166.57.43:3137 TIME_WAIT
TCP 192.168.10.18:25 67.166.57.43:3139 TIME_WAIT
TCP 192.168.10.18:25 67.167.0.245:3906 TIME_WAIT
TCP 192.168.10.18:25 68.54.94.87:3030 TIME_WAIT
TCP 192.168.10.18:25 68.80.102.246:3031 TIME_WAIT
TCP 192.168.10.18:25 68.82.77.83:2896 TIME_WAIT
TCP 192.168.10.18:25 68.82.77.83:2898 TIME_WAIT
TCP 192.168.10.18:25 68.89.137.212:1449 TIME_WAIT
TCP 192.168.10.18:25 68.103.47.246:4556 TIME_WAIT
TCP 192.168.10.18:25 68.103.47.246:4558 TIME_WAIT
TCP 192.168.10.18:25 68.103.47.246:4581 TIME_WAIT
TCP 192.168.10.18:25 68.103.85.36:4891 TIME_WAIT
TCP 192.168.10.18:25 68.118.251.132:2967 ESTABLISHED
TCP 192.168.10.18:25 68.188.199.110:4040 TIME_WAIT
TCP 192.168.10.18:25 68.233.24.221:4550 TIME_WAIT
TCP 192.168.10.18:25 69.1.226.136:58975 TIME_WAIT
TCP 192.168.10.18:25 69.1.226.136:58987 TIME_WAIT
TCP 192.168.10.18:25 69.1.226.136:59020 TIME_WAIT
TCP 192.168.10.18:25 69.1.226.136:59026 TIME_WAIT
TCP 192.168.10.18:25 69.47.65.55:3697 CLOSE_WAIT
TCP 192.168.10.18:25 69.138.28.215:19806 CLOSE_WAIT
TCP 192.168.10.18:25 69.138.28.215:19831 TIME_WAIT
TCP 192.168.10.18:25 69.138.28.215:19833 TIME_WAIT
TCP 192.168.10.18:25 69.144.29.94:4027 TIME_WAIT
TCP 192.168.10.18:25 69.148.51.238:3065 TIME_WAIT
TCP 192.168.10.18:25 80.81.43.243:4536 TIME_WAIT
TCP 192.168.10.18:25 80.81.43.243:4545 ESTABLISHED
TCP 192.168.10.18:25 80.117.252.46:38776 TIME_WAIT
TCP 192.168.10.18:25 80.221.107.226:3358 TIME_WAIT
TCP 192.168.10.18:25 80.230.92.118:35044 TIME_WAIT
TCP 192.168.10.18:25 81.7.73.155:57026 LAST_ACK
TCP 192.168.10.18:25 81.39.217.220:15583 TIME_WAIT
TCP 192.168.10.18:25 81.39.217.220:15591 TIME_WAIT
TCP 192.168.10.18:25 81.39.217.220:15601 TIME_WAIT
TCP 192.168.10.18:25 81.56.108.45:2196 TIME_WAIT
TCP 192.168.10.18:25 81.62.180.20:2550 TIME_WAIT
TCP 192.168.10.18:25 81.166.42.108:1582 TIME_WAIT
TCP 192.168.10.18:25 81.166.42.108:1585 TIME_WAIT
TCP 192.168.10.18:25 81.215.107.84:1213 CLOSING
TCP 192.168.10.18:25 82.212.36.13:3819 TIME_WAIT
TCP 192.168.10.18:25 146.82.220.227:6858 TIME_WAIT
TCP 192.168.10.18:25 146.82.220.229:7605 TIME_WAIT
TCP 192.168.10.18:25 165.21.29.116:1259 CLOSING
TCP 192.168.10.18:25 168.160.228.136:1936 LAST_ACK
TCP 192.168.10.18:25 194.41.105.104:4442 LAST_ACK
TCP 192.168.10.18:25 194.108.48.34:4826 TIME_WAIT
TCP 192.168.10.18:25 194.108.48.34:4827 TIME_WAIT
TCP 192.168.10.18:25 202.99.170.37:45852 TIME_WAIT
TCP 192.168.10.18:25 202.102.138.24:54742 TIME_WAIT
TCP 192.168.10.18:25 202.102.138.24:56064 TIME_WAIT
TCP 192.168.10.18:25 202.108.45.80:42497 LAST_ACK
TCP 192.168.10.18:25 202.108.45.82:37244 LAST_ACK
TCP 192.168.10.18:25 202.108.45.82:50867 CLOSING
TCP 192.168.10.18:25 202.108.252.135:60233 LAST_ACK
TCP 192.168.10.18:25 202.109.202.2:20347 FIN_WAIT_1
TCP 192.168.10.18:25 203.45.232.59:4130 CLOSING
TCP 192.168.10.18:25 203.131.162.24:2147 TIME_WAIT
TCP 192.168.10.18:25 203.145.183.157:3443 CLOSING
TCP 192.168.10.18:25 203.193.138.2:4929 TIME_WAIT
TCP 192.168.10.18:25 206.230.0.61:4235 TIME_WAIT
TCP 192.168.10.18:25 207.193.229.60:3140 TIME_WAIT
TCP 192.168.10.18:25 207.193.229.60:3147 TIME_WAIT
TCP 192.168.10.18:25 207.217.120.148:52937 ESTABLISHED
TCP 192.168.10.18:25 207.248.43.188:4119 TIME_WAIT
TCP 192.168.10.18:25 209.89.12.6:65291 TIME_WAIT
TCP 192.168.10.18:25 209.225.8.184:40005 TIME_WAIT
TCP 192.168.10.18:25 210.22.199.126:43641 TIME_WAIT
TCP 192.168.10.18:25 210.83.9.198:2489 TIME_WAIT
TCP 192.168.10.18:25 210.83.9.198:2510 TIME_WAIT
TCP 192.168.10.18:25 210.83.9.198:2514 TIME_WAIT
TCP 192.168.10.18:25 210.83.9.198:2642 TIME_WAIT
TCP 192.168.10.18:25 210.83.9.198:2653 TIME_WAIT
TCP 192.168.10.18:25 210.190.142.180:63904 TIME_WAIT
TCP 192.168.10.18:25 210.217.94.234:3359 TIME_WAIT
TCP 192.168.10.18:25 210.217.94.234:3361 CLOSE_WAIT
TCP 192.168.10.18:25 210.222.84.116:1887 TIME_WAIT
TCP 192.168.10.18:25 210.222.84.116:1933 TIME_WAIT
TCP 192.168.10.18:25 210.222.84.116:1935 TIME_WAIT
TCP 192.168.10.18:25 211.33.43.150:2484 CLOSING
TCP 192.168.10.18:25 211.54.197.83:3265 TIME_WAIT
TCP 192.168.10.18:25 211.63.3.1:62890 ESTABLISHED
TCP 192.168.10.18:25 211.99.42.206:46243 LAST_ACK
TCP 192.168.10.18:25 211.113.244.202:4393 CLOSE_WAIT
TCP 192.168.10.18:25 211.144.168.60:11531 TIME_WAIT
TCP 192.168.10.18:25 211.144.171.61:5324 CLOSING
TCP 192.168.10.18:25 211.147.255.135:37886 CLOSING
TCP 192.168.10.18:25 211.147.255.135:40535 CLOSING
TCP 192.168.10.18:25 211.147.255.135:41580 TIME_WAIT
TCP 192.168.10.18:25 211.158.92.126:20973 TIME_WAIT
TCP 192.168.10.18:25 211.194.117.32:2333 TIME_WAIT
TCP 192.168.10.18:25 211.194.145.222:3483 TIME_WAIT
TCP 192.168.10.18:25 211.194.145.222:3485 TIME_WAIT
TCP 192.168.10.18:25 211.202.173.184:3244 TIME_WAIT
TCP 192.168.10.18:25 211.202.173.184:3254 TIME_WAIT
TCP 192.168.10.18:25 211.202.173.184:3255 TIME_WAIT
TCP 192.168.10.18:25 211.214.91.8:1542 TIME_WAIT
TCP 192.168.10.18:25 211.215.24.126:3420 TIME_WAIT
TCP 192.168.10.18:25 211.216.136.94:24530 TIME_WAIT
TCP 192.168.10.18:25 211.216.136.94:24542 TIME_WAIT
TCP 192.168.10.18:25 211.239.91.74:1510 TIME_WAIT
TCP 192.168.10.18:25 213.44.244.149:4487 TIME_WAIT
TCP 192.168.10.18:25 213.44.244.149:4505 CLOSE_WAIT
TCP 192.168.10.18:25 213.44.244.149:4525 TIME_WAIT
TCP 192.168.10.18:25 213.120.97.109:1768 TIME_WAIT
TCP 192.168.10.18:25 213.120.97.109:1774 TIME_WAIT
TCP 192.168.10.18:25 213.199.192.98:2089 TIME_WAIT
TCP 192.168.10.18:25 213.199.192.98:2094 TIME_WAIT
TCP 192.168.10.18:25 213.245.76.91:1510 CLOSING
TCP 192.168.10.18:25 217.225.67.216:3908 TIME_WAIT
TCP 192.168.10.18:25 217.225.67.216:3946 TIME_WAIT
TCP 192.168.10.18:25 218.4.199.42:1500 TIME_WAIT
TCP 192.168.10.18:25 218.4.199.42:1629 TIME_WAIT
TCP 192.168.10.18:25 218.5.67.206:2397 CLOSING
TCP 192.168.10.18:25 218.5.109.19:4704 CLOSING
TCP 192.168.10.18:25 218.6.38.51:2620 CLOSING
TCP 192.168.10.18:25 218.6.38.51:2850 CLOSING
TCP 192.168.10.18:25 218.6.140.8:2690 CLOSING
TCP 192.168.10.18:25 218.6.140.8:2934 TIME_WAIT
TCP 192.168.10.18:25 218.7.35.101:1025 TIME_WAIT
TCP 192.168.10.18:25 218.7.35.101:1026 CLOSING
TCP 192.168.10.18:25 218.7.35.101:1027 TIME_WAIT
TCP 192.168.10.18:25 218.9.186.84:4739 CLOSING
TCP 192.168.10.18:25 218.11.89.91:21934 CLOSING
TCP 192.168.10.18:25 218.11.89.91:38902 CLOSING
TCP 192.168.10.18:25 218.11.89.192:2617 CLOSING
TCP 192.168.10.18:25 218.11.245.132:3121 CLOSING
TCP 192.168.10.18:25 218.11.245.132:3239 CLOSING
TCP 192.168.10.18:25 218.11.245.132:4364 CLOSING
TCP 192.168.10.18:25 218.11.245.132:4669 CLOSING
TCP 192.168.10.18:25 218.11.245.132:4871 CLOSING
TCP 192.168.10.18:25 218.15.245.218:63695 TIME_WAIT
TCP 192.168.10.18:25 218.15.245.218:65003 CLOSING
TCP 192.168.10.18:25 218.15.245.218:65047 TIME_WAIT
TCP 192.168.10.18:25 218.16.76.238:3328 LAST_ACK
TCP 192.168.10.18:25 218.16.131.118:64012 CLOSING
TCP 192.168.10.18:25 218.16.232.206:4932 CLOSING
TCP 192.168.10.18:25 218.16.232.206:4978 CLOSING
TCP 192.168.10.18:25 218.17.73.181:1819 CLOSING
TCP 192.168.10.18:25 218.17.83.174:63393 CLOSING
TCP 192.168.10.18:25 218.17.243.205:12935 CLOSING
TCP 192.168.10.18:25 218.17.243.205:25712 CLOSE_WAIT
TCP 192.168.10.18:25 218.17.243.205:36125 CLOSING
TCP 192.168.10.18:25 218.17.243.205:40804 CLOSING
TCP 192.168.10.18:25 218.17.243.205:55845 CLOSING
TCP 192.168.10.18:25 218.17.243.205:61226 CLOSING
TCP 192.168.10.18:25 218.18.86.10:46528 CLOSING
TCP 192.168.10.18:25 218.18.222.184:1451 CLOSING
TCP 192.168.10.18:25 218.19.48.72:50670 CLOSING
TCP 192.168.10.18:25 218.20.115.36:63787 LAST_ACK
TCP 192.168.10.18:25 218.22.1.146:2130 CLOSING
TCP 192.168.10.18:25 218.26.222.48:2316 TIME_WAIT
TCP 192.168.10.18:25 218.26.222.48:2335 TIME_WAIT
TCP 192.168.10.18:25 218.26.222.48:2336 TIME_WAIT
TCP 192.168.10.18:25 218.27.205.7:1093 TIME_WAIT
TCP 192.168.10.18:25 218.27.205.7:2709 CLOSING
TCP 192.168.10.18:25 218.53.255.118:3570 TIME_WAIT
TCP 192.168.10.18:25 218.53.255.118:3578 TIME_WAIT
TCP 192.168.10.18:25 218.53.255.118:3609 TIME_WAIT
TCP 192.168.10.18:25 218.53.255.118:3636 TIME_WAIT
TCP 192.168.10.18:25 218.53.255.118:3637 TIME_WAIT
TCP 192.168.10.18:25 218.56.20.2:4160 TIME_WAIT
TCP 192.168.10.18:25 218.56.20.2:17667 TIME_WAIT
TCP 192.168.10.18:25 218.56.20.2:53744 TIME_WAIT
TCP 192.168.10.18:25 218.58.239.143:2248 TIME_WAIT
TCP 192.168.10.18:25 218.58.239.143:2295 TIME_WAIT
TCP 192.168.10.18:25 218.58.239.143:2304 TIME_WAIT
TCP 192.168.10.18:25 218.59.99.213:21073 CLOSE_WAIT
TCP 192.168.10.18:25 218.59.110.216:44005 TIME_WAIT
TCP 192.168.10.18:25 218.59.110.216:44031 TIME_WAIT
TCP 192.168.10.18:25 218.62.81.254:15203 CLOSING
TCP 192.168.10.18:25 218.62.81.254:17655 CLOSING
TCP 192.168.10.18:25 218.62.81.254:22804 TIME_WAIT
TCP 192.168.10.18:25 218.66.83.72:64967 CLOSING
TCP 192.168.10.18:25 218.68.235.32:2524 LAST_ACK
TCP 192.168.10.18:25 218.68.235.32:4052 CLOSING
TCP 192.168.10.18:25 218.69.106.158:2436 CLOSING
TCP 192.168.10.18:25 218.69.212.79:41869 CLOSING
TCP 192.168.10.18:25 218.70.58.69:1717 CLOSING
TCP 192.168.10.18:25 218.75.146.145:3873 CLOSING
TCP 192.168.10.18:25 218.75.235.26:3267 CLOSING
TCP 192.168.10.18:25 218.76.176.98:1027 CLOSING
TCP 192.168.10.18:25 218.77.90.156:45578 CLOSING
TCP 192.168.10.18:25 218.77.90.156:45761 SYN_RECEIVED
TCP 192.168.10.18:25 218.85.133.90:3615 CLOSING
TCP 192.168.10.18:25 218.88.65.24:1044 CLOSING
TCP 192.168.10.18:25 218.88.65.24:4968 CLOSING
TCP 192.168.10.18:25 218.89.146.127:14958 CLOSING
TCP 192.168.10.18:25 218.90.222.46:1746 CLOSE_WAIT
TCP 192.168.10.18:25 218.104.47.183:17575 TIME_WAIT
TCP 192.168.10.18:25 218.108.35.86:1698 LAST_ACK
TCP 192.168.10.18:25 218.108.252.54:20889 TIME_WAIT
TCP 192.168.10.18:25 218.109.194.235:3374 LAST_ACK
TCP 192.168.10.18:25 218.144.56.162:3782 TIME_WAIT
TCP 192.168.10.18:25 218.144.56.162:3820 CLOSE_WAIT
TCP 192.168.10.18:25 218.144.56.162:3859 TIME_WAIT
TCP 192.168.10.18:25 218.162.168.171:64806 TIME_WAIT
TCP 192.168.10.18:25 218.162.168.171:65297 TIME_WAIT
TCP 192.168.10.18:25 218.163.27.33:3450 TIME_WAIT
TCP 192.168.10.18:25 218.163.27.33:3473 TIME_WAIT
TCP 192.168.10.18:25 218.163.27.33:3474 TIME_WAIT
TCP 192.168.10.18:25 218.238.118.171:3094 TIME_WAIT
TCP 192.168.10.18:25 218.244.59.202:4669 CLOSING
TCP 192.168.10.18:25 218.244.59.203:1769 TIME_WAIT
TCP 192.168.10.18:25 218.244.59.203:1783 TIME_WAIT
TCP 192.168.10.18:25 218.244.59.203:1785 CLOSING
TCP 192.168.10.18:25 219.130.9.219:64407 CLOSING
TCP 192.168.10.18:25 219.130.46.134:33194 CLOSING
TCP 192.168.10.18:25 219.133.19.118:40266 CLOSING
TCP 192.168.10.18:25 219.133.19.118:40657 CLOSING
TCP 192.168.10.18:25 219.133.84.50:2009 CLOSING
TCP 192.168.10.18:25 219.137.174.164:41375 CLOSING
TCP 192.168.10.18:25 219.138.96.226:1356 CLOSING
TCP 192.168.10.18:25 219.138.96.226:1385 CLOSING
TCP 192.168.10.18:25 219.138.96.226:2977 CLOSE_WAIT
TCP 192.168.10.18:25 219.138.96.226:2985 TIME_WAIT
TCP 192.168.10.18:25 219.139.32.35:2979 CLOSING
TCP 192.168.10.18:25 219.139.32.37:1633 CLOSING
TCP 192.168.10.18:25 219.144.194.146:1166 CLOSE_WAIT
TCP 192.168.10.18:25 219.148.175.103:1613 TIME_WAIT
TCP 192.168.10.18:25 219.149.102.34:41118 TIME_WAIT
TCP 192.168.10.18:25 219.149.102.34:41257 TIME_WAIT
TCP 192.168.10.18:25 219.149.102.34:41264 CLOSE_WAIT
TCP 192.168.10.18:25 219.159.161.25:12537 CLOSING
TCP 192.168.10.18:25 219.159.209.200:50117 CLOSING
TCP 192.168.10.18:25 219.159.215.23:28532 CLOSING
TCP 192.168.10.18:25 219.237.111.45:2609 FIN_WAIT_1
TCP 192.168.10.18:25 219.237.111.45:2859 TIME_WAIT
TCP 192.168.10.18:25 219.237.111.45:2957 CLOSING
TCP 192.168.10.18:25 219.237.111.45:3041 TIME_WAIT
TCP 192.168.10.18:25 219.249.135.89:2479 TIME_WAIT
TCP 192.168.10.18:25 220.71.133.119:32903 TIME_WAIT
TCP 192.168.10.18:25 220.77.86.222:1316 TIME_WAIT
TCP 192.168.10.18:25 220.87.181.191:1556 TIME_WAIT
TCP 192.168.10.18:25 220.92.20.14:2592 TIME_WAIT
TCP 192.168.10.18:25 220.116.81.78:3000 TIME_WAIT
TCP 192.168.10.18:25 220.116.81.78:3006 TIME_WAIT
TCP 192.168.10.18:25 220.116.81.78:3007 TIME_WAIT
TCP 192.168.10.18:25 220.116.244.225:1993 TIME_WAIT
TCP 192.168.10.18:25 220.161.42.200:63383 CLOSING
TCP 192.168.10.18:25 220.163.26.89:64133 CLOSING
TCP 192.168.10.18:25 220.163.26.89:64589 CLOSING
TCP 192.168.10.18:25 220.168.142.244:10728 CLOSING
TCP 192.168.10.18:25 220.168.142.244:10732 TIME_WAIT
TCP 192.168.10.18:25 220.168.143.33:2113 CLOSING
TCP 192.168.10.18:25 220.244.21.94:3244 TIME_WAIT
TCP 192.168.10.18:25 220.244.21.94:3250 TIME_WAIT
TCP 192.168.10.18:25 221.127.161.148:4461 TIME_WAIT
TCP 192.168.10.18:25 221.168.197.119:1232 TIME_WAIT
TCP 192.168.10.18:25 221.196.90.202:36934 CLOSING
TCP 192.168.10.18:25 221.196.147.47:2215 TIME_WAIT
TCP 192.168.10.18:25 221.196.147.47:2277 TIME_WAIT
TCP 192.168.10.18:25 221.196.147.47:2280 TIME_WAIT
TCP 192.168.10.18:25 221.205.196.25:4716 LAST_ACK
TCP 192.168.10.18:25 221.205.208.22:21126 TIME_WAIT
TCP 192.168.10.18:25 221.205.208.22:21128 TIME_WAIT

alot of these IPs are from asia but i'm not sure if i should be blocking on the firewall, router, or ISP.

themut · Feb 12, 2004

Configure connection and embryonic limits on your static translation, for example:

static (inside, outside) <mail-public-ip> 192.168.10.18:25 netmask 255.255.255.255 100 500

Where 100 is the maximum number of simultaneous TCP and UDP connections allowed, and 500 is the maximum number of embryonic (half open) connections. This will protect you against SYN attacks, you will need to determine the correct settings for your network regarding the maximum number of simultaneous connections and embryonic connections.

The link below explains this feature on the static command:

http://cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#1026694

themut · Feb 12, 2004

I forgot... After you reconfigured the static statement you will need to issue a "clear xlate" command so the changes take effect immediately. Beware this command will drop all your current connections.

andf1 · Feb 12, 2004

Have you confirmed that your mail server is not an open relay?

Andy

staboogie · Feb 12, 2004

Yes, I had MS try to relay from my server and they cannot. Alot of our mail comes in about 6 hours to 2 days late. Thanks to themut but what happens when it gets to 500 connectios? And is this too much of a strain for my firewall, have a pix 506.

themut · Feb 12, 2004

The 501th embryonic connection will be dropped by the PIX. Like I said above... this was just an example and you have to find the correct setting for your network.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

HELP UNDER ATTACK

staboogie

MIS

themut

Technical User

themut

Technical User

andf1

Technical User

staboogie

MIS

themut

Technical User

Similar threads

Part and Inventory Search

Sponsor