SupermanInNY
I'm getting hit with too many concurrent SMTP connections.
That's not something that I've ever seen, so I'm suspecting this is some kind of an attack of some sort.
29327 ? Ss 0:00 /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29355 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29356 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29359 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29360 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29361 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29362 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29364 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29365 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29366 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29367 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29368 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29369 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29370 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29371 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29373 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29375 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29377 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29379 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29380 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29381 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29385 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29386 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29387 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29388 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29389 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29390 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
29394 ? S 0:00 \_ /usr/sbin/exim -bd -q15m -oP /var/run/exim.pid
and my mainlog gets many of these:
2007-10-02 01:00:38 Connection from [83.10.118.226] refused: too many connections
2007-10-02 01:00:38 Connection from [71.181.161.186] refused: too many connections
2007-10-02 01:00:38 Connection from [75.132.15.88] refused: too many connections
2007-10-02 01:00:38 Connection from [86.151.160.215] refused: too many connections
2007-10-02 01:00:38 Connection from [81.129.119.104] refused: too many connections
2007-10-02 01:00:38 Connection from [75.80.4.63] refused: too many connections
2007-10-02 01:00:38 Connection from [82.31.18.228] refused: too many connections
2007-10-02 01:00:38 Connection from [65.89.103.130] refused: too many connections
2007-10-02 01:00:38 Connection from [81.129.119.104] refused: too many connections
2007-10-02 01:00:38 Connection from [207.255.101.223] refused: too many connections
2007-10-02 01:00:38 Connection from [200.5.198.201] refused: too many connections
2007-10-02 01:00:38 Connection from [201.92.134.79] refused: too many connections
2007-10-02 01:00:39 Connection from [212.183.54.128] refused: too many connections
2007-10-02 01:00:39 Connection from [75.130.79.88] refused: too many connections
2007-10-02 01:00:39 Connection from [201.83.21.152] refused: too many connections
2007-10-02 01:00:39 Connection from [213.144.122.230] refused: too many connections
2007-10-02 01:00:39 Connection from [201.3.14.44] refused: too many connections
2007-10-02 01:00:39 Connection from [151.41.77.252] refused: too many connections
2007-10-02 01:00:39 Connection from [189.136.203.32] refused: too many connections
2007-10-02 01:00:39 Connection from [201.79.214.184] refused: too many connections
2007-10-02 01:00:39 Connection from [190.49.208.153] refused: too many connections
2007-10-02 01:00:40 Connection from [201.78.219.231] refused: too many connections
2007-10-02 01:00:40 Connection from [62.57.91.80] refused: too many connections
2007-10-02 01:00:40 Connection from [90.20.187.232] refused: too many connections
2007-10-02 01:00:40 Connection from [189.136.203.32] refused: too many connections
2007-10-02 01:00:40 Connection from [189.136.203.32] refused: too many connections
2007-10-02 01:00:40 Connection from [189.136.203.32] refused: too many connections
2007-10-02 01:00:40 Connection from [201.20.64.101] refused: too many connections
2007-10-02 01:00:40 Connection from [24.88.90.224] refused: too many connections
2007-10-02 01:00:40 Connection from [201.8.157.102] refused: too many connections
2007-10-02 01:00:40 Connection from [60.38.37.114] refused: too many connections
2007-10-02 01:00:40 Connection from [80.228.198.89] refused: too many connections
2007-10-02 01:00:40 Connection from [86.69.46.107] refused: too many connections
2007-10-02 01:00:40 Connection from [190.142.49.92] refused: too many connections
2007-10-02 01:00:44 Connection from [200.86.184.112] refused: too many connections
2007-10-02 01:00:44 Connection from [189.24.101.249] refused: too many connections
2007-10-02 01:00:44 Connection from [24.232.87.92] refused: too many connections
2007-10-02 01:00:45 Connection from [90.188.197.38] refused: too many connections
2007-10-02 01:00:46 Connection from [190.86.84.108] refused: too many connections
2007-10-02 01:00:46 Connection from [201.78.126.254] refused: too many connections
2007-10-02 01:00:47 Connection from [86.139.48.252] refused: too many connections
2007-10-02 01:00:47 Connection from [68.179.17.185] refused: too many connections
2007-10-02 01:00:47 Connection from [200.214.157.3] refused: too many connections
Any pointers?
-Alon
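A triage sketch for the refusal lines quoted above, added here as an example and not part of the original post: it tallies refusals per source address and per second to show whether the load comes from a few hosts or from many. The sample log uses constructed documentation addresses, and the 0.5 share threshold and function names are assumptions.

```python
import re
from collections import Counter

# Matches the Exim mainlog refusal line format shown in the post.
REFUSED = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Connection from "
    r"\[([0-9a-fA-F.:]+)\] refused: too many connections$"
)

# Constructed sample (RFC 5737 documentation addresses), not real log data.
SAMPLE = """\
2007-10-02 01:00:38 Connection from [192.0.2.10] refused: too many connections
2007-10-02 01:00:38 Connection from [198.51.100.7] refused: too many connections
2007-10-02 01:00:38 Connection from [203.0.113.5] refused: too many connections
2007-10-02 01:00:39 Connection from [192.0.2.10] refused: too many connections
2007-10-02 01:00:39 Connection from [203.0.113.99] refused: too many connections
2007-10-02 01:00:40 Start queue run: pid=12345
"""

def summarize(lines):
    """Count refusals per source IP and per one-second bucket."""
    per_ip, per_second = Counter(), Counter()
    for line in lines:
        m = REFUSED.match(line.strip())
        if not m:
            continue  # unrelated log line
        ts, ip = m.groups()
        per_ip[ip] += 1
        per_second[ts] += 1
    total = sum(per_ip.values())
    top_ip, top_count = per_ip.most_common(1)[0] if per_ip else (None, 0)
    return {
        "total": total,
        "unique_sources": len(per_ip),
        "peak_per_second": max(per_second.values(), default=0),
        "top_source": top_ip,
        "top_share": top_count / total if total else 0.0,
    }

def classify(summary, share_threshold=0.5):
    """Label the pattern; the 0.5 threshold is an assumed cut-off."""
    if summary["total"] == 0:
        return "no refusals"
    if summary["top_share"] >= share_threshold:
        return "concentrated"  # one host dominates: per-host limits help
    return "distributed"       # many hosts: per-IP blocking helps little

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print(report, classify(report))
```

To run it against a real log, pass the open file object to `summarize()` in place of the sample. A concentrated result points toward Exim's `smtp_accept_max_per_host`, while a distributed one means the global `smtp_accept_max` ceiling is being hit by many separate senders.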