
Thread: help with email spamming.

  1. #21
    Join Date
    Aug 2010
    Beans
    40

    Re: help with email spamming.

    No no, as in I got it from here on out... Spent the day over this one, some clever whatnots, to remove it.

    KS - KasperSky.

  2. #22
    Join Date
    Aug 2010
    Beans
    40

    Re: help with email spamming.

    Just one small other thing I see here:
    Code:
    2021-12-02 15:09:43.879437 IP 192.168.0.25.53630 > 192.168.0.19.22: Flags [.], ack 346472688, win 63104, length 0
    2021-12-02 15:09:43.879452 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346472880:346473072, ack 512001, win 65535, length 192
    2021-12-02 15:09:43.879495 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473072:346473248, ack 512001, win 65535, length 176
    2021-12-02 15:09:43.879524 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473248:346473440, ack 512001, win 65535, length 192
    2021-12-02 15:09:43.879580 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473440:346473824, ack 512001, win 65535, length 384
    2021-12-02 15:09:43.879641 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346473824:346474016, ack 512001, win 65535, length 192
    2021-12-02 15:09:43.879691 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346474016:346474208, ack 512001, win 65535, length 192
    2021-12-02 15:09:43.879741 IP 192.168.0.19.22 > 192.168.0.25.53630: Flags [P.], seq 346474208:346474400, ack 512001, win 65535, length 192

    What could this be? It's spamming really fast. I have no idea what 192.168.19.22 is, but I see it's a private IP. It does not reply to a ping or nslookup.

    Update: oh, I think it's my SSH connection, as a result of running tcpdump -n -tttt -i enp3s5


    Last edited by ulao3; December 2nd, 2021 at 04:32 PM.

  3. #23
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,101
    Distro
    Ubuntu Development Release

    Re: help with email spamming.

    Quote Originally Posted by ulao3
    What could this be, it's spamming really fast. I have no idea what 192.168.0.19.22 is but I see it's a private IP. It does not reply to a ping or nslookup.

    You don't know what 192.168.0.19 is? I cannot help with that, because as you say it is on your LAN. The port involved is SSH, port 22.

    Just a guess below:
    Might you just so happen to have an SSH session open between 192.168.0.25 (client) and 192.168.0.19 (server)? And are you running tcpdump via a terminal on 192.168.0.25? If yes, then you are flooding yourself as tcpdump captures the traffic and then sends it to the client, creating an infinite loop.
    I always communicate with my servers via ssh, and have to make sure to avoid this situation via a "not host". Example:

    Code:
    doug@s19:~/temp-k-git/linux$ sudo tcpdump -n -tttt -i br0 not host 192.168.111.122
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
    2021-12-02 07:33:18.529276 ARP, Request who-has 192.168.111.4 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46
    2021-12-02 07:33:19.705503 ARP, Request who-has 192.168.111.136 (ff:ff:ff:ff:ff:ff) tell 192.168.111.58, length 46
    2021-12-02 07:33:19.705555 ARP, Reply 192.168.111.136 is-at 3c:7c:3f:0d:99:83, length 28
    ^C
    3 packets captured
    3 packets received by filter
    0 packets dropped by kernel

    Otherwise (very fast):

    Code:
    2021-12-02 07:34:17.745493 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378048, win 8209, length 0
    2021-12-02 07:34:17.745525 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378220:1378548, ack 757, win 501, length 328
    2021-12-02 07:34:17.745573 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378548:1378720, ack 757, win 501, length 172
    2021-12-02 07:34:17.745621 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378720:1378892, ack 757, win 501, length 172
    2021-12-02 07:34:17.745719 IP 192.168.111.136.22 > 192.168.111.122.53781: Flags [P.], seq 1378892:1379064, ack 757, win 501, length 172
    2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [P.], seq 757:793, ack 1378048, win 8209, length 36
    2021-12-02 07:34:17.745731 IP 192.168.111.122.53781 > 192.168.111.136.22: Flags [.], ack 1378720, win 8212, length 0
    ^C
    8335 packets captured
    8337 packets received by filter
    0 packets dropped by kernel

    EDIT: or:
    Code:
    $ sudo tcpdump -n -tttt -i br0 not port 22
    Last edited by Doug S; December 2nd, 2021 at 04:47 PM.
    Any follow-up information on your issue would be appreciated. Please have the courtesy to report back.
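
Added example, not part of the original thread: the "not host" and "not port 22" filters above also hide every other SSH conversation with that host or on that port. This sketch excludes only the session the capture is typed into, assuming OpenSSH's `SSH_CONNECTION` variable ("client_ip client_port server_ip server_port") is set; the function name `ssh_self_filter` is hypothetical, and the sample addresses are taken from the capture above.

```shell
#!/bin/sh
# Build a tcpdump filter that excludes only the SSH session this shell runs
# in, so tcpdump does not capture (and re-send) its own terminal output.
# Assumption: sshd exported SSH_CONNECTION as
#   "client_ip client_port server_ip server_port".

ssh_self_filter() {
    # Not inside an SSH session: nothing to exclude, emit an empty filter.
    [ -n "${SSH_CONNECTION:-}" ] || return 0

    # Split the four whitespace-separated fields into $1..$4.
    set -- $SSH_CONNECTION
    if [ "$#" -ne 4 ]; then
        echo "unexpected SSH_CONNECTION: $SSH_CONNECTION" >&2
        return 1
    fi

    # Drop an IPv6 zone suffix such as "%eth0"; pcap filters reject it.
    client=${1%%[%]*}; cport=$2
    server=${3%%[%]*}; sport=$4

    # Ports must be numeric before they are placed in a filter expression.
    case "$cport$sport" in
        *[!0-9]*) echo "non-numeric port in SSH_CONNECTION" >&2; return 1 ;;
    esac

    # Match both directions of exactly this one TCP connection, negated.
    printf 'not (host %s and host %s and tcp port %s and tcp port %s)\n' \
        "$client" "$server" "$cport" "$sport"
}

# Constructed sample value, run in a subshell so the real variable is untouched.
( SSH_CONNECTION='192.168.111.122 53781 192.168.111.136 22'; ssh_self_filter )

# Typical use on the server (the substitution runs before sudo, so the
# variable is still visible):
#   sudo tcpdump -n -tttt -i br0 "$(ssh_self_filter)"
```

Other SSH connections, including any to or from the same client, remain visible in the capture.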

  4. #24
    Join Date
    Aug 2010
    Beans
    40

    Re: help with email spamming.

    You don't know what 192.168.0.19 is?
    Of course I know what that is.

    I said

    I have no idea what 192.168.19.22 is
    Might you just so happen to have an SSH session open between 192.168.0.25 (client) and 192.168.0.19 (server)?
    Did you miss my update?

    update: oh I think its my ssh connection. as a result of running tcpdump -n -tttt -i enp3s5

  5. #25
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    3,101
    Distro
    Ubuntu Development Release

    Re: help with email spamming.

    Quote Originally Posted by ulao3
    Of course I know what that is.

    I said

    Did you miss my update?

    Yes, I guess I was already writing my reply when you updated.

    I had assumed 192.168.19.22 was a typo and you had meant to write 192.168.0.19.
