Re: Where are "Log AttacLog" emails coming from...

To: debian-user@lists.debian.org
Cc: NN_il_Confusionario <pinkof.pallus@tiscalinet.it>
Subject: Re: Where are "Log AttacLog" emails coming from...
From: Hose <subscriptions@bluemaggottowel.com>
Date: Sat, 12 Apr 2008 15:04:27 -0500
Message-id: <[🔎] 59FFF12E-6DE4-4DC2-939E-2A286145D241@bluemaggottowel.com>
In-reply-to: <[🔎] 20080412192027.GD24273@ibook99>
References: <[🔎] F631C4CB-1DB4-4E7D-9395-28615E2D0574@bluemaggottowel.com> <[🔎] 20080412192027.GD24273@ibook99>


On Apr 12, 2008, at 2:20 PM, NN_il_Confusionario wrote:

On Sat, Apr 12, 2008 at 09:24:30AM -0500, Hose wrote:

installed package that is spitting out snort-esque emails to root


check cron jobs
check active daemons
check the complete headers of the e-mail
(Since you can not find the log file, double check: is the email
originating from that box? from another log-host?)

Well I went back through the mail server logs to identify the host andthen the email headers, and then realized something - it WASN'Toriginating from the localhost. At first I thought it was, but then Icompletely misread the IP address in the headers. Doh.

FYI traced it down to an old WAP we use in legacy space that someonehacked to bits with openwrt, hence, the weird logs. Thanks.

Reply to:

References:
- Where are "Log AttacLog" emails coming from...
  - From: Hose <subscriptions@bluemaggottowel.com>
- Re: Where are "Log AttacLog" emails coming from...
  - From: NN_il_Confusionario <pinkof.pallus@tiscalinet.it>

Prev by Date: Re: euro sign / nobreak space
Next by Date: Re: browsers have become memory hogs
Previous by thread: Re: Where are "Log AttacLog" emails coming from...
Next by thread: Rhythmbox cannot play wma file
Index(es):
- Date
- Thread