[PLUG] Fwd: Help with LINUX

Prashant majorppk at gmail.com
Sun Jun 8 10:40:26 IST 2014 

Dear All,
             We have been intimated that one of our IP's have been
infrected. As you are aware, the internal users are unable to connect to
the Mail Server using outlook clients. I am enclosing the log received. Can
you kindly help.
*** Cyber Security Open Data:
> *** Browse
> http://botnet-tracker.blogspot.com/search/label/suspected%20bots%20ip
> *** follow the link within posts to download IP lists of suspected
> *** infected computers. Use them to create more effective defenses,
> *** discover latest trends of cyber attacks, etc.
>
> ---- connection log (time zone is UTC; sent to rsm at nic.in) ---- date =>
time
> => TZ => attacker IP => network name => local IP => local TCP port#
>
----------------------------------------------------------------------------
> ---
> 2014-06-06 22:18:43 UTC 14.139.109.146 RSMANI-NKN-IN Fwd: FW: [June 06]IP
addresses of suspected botnet computers attached, please notify their
owners.
> 2014-06-06 22:18:53 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:03 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:12 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
> 2014-06-06 22:19:30 UTC 14.139.109.146 RSMANI-NKN-IN 114.34.13.159 25
>
> ---- internet email headers ----
> Received: from [14.139.109.146] (helo=114.34.13.159)
> by mtavista.cellfone.kwik.to with smtp (Exim 4.82)
> (envelope-from <exjyvbex at 163.com>)
> id 1Wt2UM-0000eH-Kk; Fri, 06 Jun 2014 22:19:30 +0000
> Received: from 0.166.36.74 by 14.139.109.146; Fri, 06 Jun 2014 16:11:47
> -0600
> Message-ID: <QBAJCRIVJLXALKYDJZWXGPB at 163.com>
> From: ***"­}¤h¥§¸g¨å¬G¨Æ³Ì«á¤@§åµ£®Ñª©Åv¨ì´Á¤j¥X²M¡I" <gtthhlgsa at 163.com>
> Reply-To: "©_¥ý¥Í§®¤p©j³Ì«á¤@§åª©Åv¨ì´Á¡I¤û¹yµ£®Ñ­Ë©±¡A¶W¯Å«K©y¡I"
> <chspdpz at 163.com>
> To: smhsnoopy at yahoo.com.tw
> Cc: vttrfp6 at yahoo.com.tw, stu60404 at yahoo.com.tw, ttyang59 at yahoo.com.tw,
> tmichellesky at yahoo.com.tw, tmac0101 at yahoo.com.tw,
> shiuanyihwang at yahoo.com.tw, vickymaygo0907 at yahoo.com.tw,
> sunny6125 at yahoo.com.tw, sheep112v at yahoo.com.tw, vanillav6 at yahoo.com.tw,
> weiy020101 at yahoo.com.tw, vanilla460 at yahoo.com.tw, sheng163 at yahoo.com.tw,
> wa3333458 at yahoo.com.tw, vip4622153 at yahoo.com.tw, tha04 at yahoo.com.tw,
> usa_evan at yahoo.com.tw, starverabbit at yahoo.com.tw, shsiao0505 at yahoo.com.tw,
> to616cindy at yahoo.com.tw, tea8550 at yahoo.com.tw, tzuyug at yahoo.com.tw,
> str11111 at yahoo.com.tw, weng6392 at yahoo.com.tw, tony750428 at yahoo.com.tw,
> sunny010268 at yahoo.com.tw, top803930 at yahoo.com.tw, tonnymarkx at yahoo.com.tw,
> sos-29 at yahoo.com.tw
> Subject: ©_¥ý¥Í§®¤p©j³Ì«á¤@§åª©Åv¨ì´Á¡I¤û¹yµ£®Ñ­Ë©±¡A¶W¯Å«K©y¡I
> Date: Fri, 06 Jun 2014 18:08:47 -0400
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="--26491988667629683055"
> X-Priority: 3
> X-MSMail-Priority: Normal

Regards

Prashant








-- 
Prashant Kulkarni, Programme Coordinator & Registrar (A)
Centre for Materials for Electronics Technology,
Panchawati, Off: Dr.Homi Bhabha Road,
Pashan, Pune-411 008
Phone: (O)020-25881519;(R)25893412
Mob:9420170735; Fax:25898085
email: majorppk at gmail.com

More information about the Plug-mail mailing list