[SURBL-Discuss] DoS Question

Kevin A. McGrail kmcgrail at pccc.com
Sat Jan 1 17:16:41 CET 2005


Anyone else seeing massive sendmail connections seemingly for the sole
purpose of a denial of service?  This is less than one minute or two after a
sendmail restart and we've been seeing this issue since approx. 6AM today.

Regards,
KAM



