On 4/19/24 8:31 AM, Jaroslaw Rafa via mailop wrote:
> I started to monitor all outgoing traffic from my server towards his IP address with tcpdump, then I put up firewall rules that blocked (with logging) all outgoing traffic to his IP other than to port 25. Obviously no packets were going out of my server towards his, yet the guy insisted that strange traffic from my address is still incoming. Indeed, his firewall kept blocking me and he kept unblocking me manually 😄.
I wonder if TCP connections were being fully established. Is there a chance that someone was spoofing your IP?
Could he produce packet captures for you to analyze? Is there a possibility of a compromised CPE that's hijacking the IP?

--
Grant. . . .
unix || die