Dear All,
We have been intimated that one of our IP's have been
infrected. As you are aware, the internal users are unable to connect to
the Mail Server using outlook clients. I am enclosing the log received. Can
you kindly help.
*** Cyber Security Open Data:
> *** Browse
> http://botnet-tracker.blogspot.com/search/label/suspected%20bots%20ip
> *** follow the link within posts to download IP lists of suspected
> *** infected computers. Use them to create more effective defenses,
> *** discover latest trends of cyber attacks, etc.
>
> ---- connection log (time zone is UTC; sent to r...@nic.in) ---- date =>
time
> => TZ => attacker IP => network name => local IP => local TCP port#
>
----------------------------------------------------------------------------
> ---
> 2014-06-06 22:18:43 UTC 14.139.109.146 RSMANI-NKN-IN Fwd: FW: [June 06]IP
addresses of suspected botnet computers attached, please notify their
owners.
> 2014-06-06 22:18:53 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:03 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:12 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:30 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
>
> ---- internet email headers ----
> Received: from [14.139.109.146] (helo=114.34.13.159)
> by mtavista.cellfone.kwik.to with smtp (Exim 4.82)
> (envelope-from <exjyv...@163.com>)
> id 1Wt2UM-0000eH-Kk; Fri, 06 Jun 2014 22:19:30 +0000
> Received: from 0.166.36.74 by 14.139.109.146; Fri, 06 Jun 2014 16:11:47
> -0600
> Message-ID: <qbajcrivjlxalkydjzwx...@163.com>
> From: ***"}¤h¥§¸g¨å¬G¨Æ³Ì«á¤@§åµ£®Ñª©Åv¨ì´Á¤j¥X²M¡I" <gtthhl...@163.com>
> Reply-To: "©_¥ý¥Í§®¤p©j³Ì«á¤@§åª©Åv¨ì´Á¡I¤û¹yµ£®ÑË©±¡A¶W¯Å«K©y¡I"
> <chsp...@163.com>
> To: smhsno...@yahoo.com.tw
> Cc: vttr...@yahoo.com.tw, stu60...@yahoo.com.tw, ttyan...@yahoo.com.tw,
> tmichelle...@yahoo.com.tw, tmac0...@yahoo.com.tw,
> shiuanyihw...@yahoo.com.tw, vickymaygo0...@yahoo.com.tw,
> sunny6...@yahoo.com.tw, sheep1...@yahoo.com.tw, vanill...@yahoo.com.tw,
> weiy020...@yahoo.com.tw, vanilla...@yahoo.com.tw, sheng...@yahoo.com.tw,
> wa3333...@yahoo.com.tw, vip4622...@yahoo.com.tw, th...@yahoo.com.tw,
> usa_e...@yahoo.com.tw, starverab...@yahoo.com.tw, shsiao0...@yahoo.com.tw,
> to616ci...@yahoo.com.tw, tea8...@yahoo.com.tw, tzu...@yahoo.com.tw,
> str11...@yahoo.com.tw, weng6...@yahoo.com.tw, tony750...@yahoo.com.tw,
> sunny010...@yahoo.com.tw, top803...@yahoo.com.tw, tonnyma...@yahoo.com.tw,
> sos...@yahoo.com.tw
> Subject: ©_¥ý¥Í§®¤p©j³Ì«á¤@§åª©Åv¨ì´Á¡I¤û¹yµ£®ÑË©±¡A¶W¯Å«K©y¡I
> Date: Fri, 06 Jun 2014 18:08:47 -0400
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="--26491988667629683055"
> X-Priority: 3
> X-MSMail-Priority: Normal
Regards
Prashant
--
Prashant Kulkarni, Programme Coordinator & Registrar (A)
Centre for Materials for Electronics Technology,
Panchawati, Off: Dr.Homi Bhabha Road,
Pashan, Pune-411 008
Phone: (O)020-25881519;(R)25893412
Mob:9420170735; Fax:25898085
email: major...@gmail.com
_______________________________________
Pune GNU/Linux Users Group Mailing List
