Thread: Server Hacked?
26th January 2012, 19:31
silenceti

I installed a tool (tcpdump) and here is the log:


[root@master ~]# tcpdump -ne dst port 25 and 'tcp[13] & 2 == 2' and dst host MyIP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
17:25:43.931077 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 78: 121.175.145.168.dict-lookup > myIP.smtp: S 315188453:315188453(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK>
17:25:44.326206 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 219.238.181.117.35398 > myIP.smtp: S 2915140590:2915140590(0) win 5840 <mss 1448,sackOK,timestamp 992358201 0,nop,wscale 6>
17:25:45.055212 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 122.154.97.28.33438 > myIP.smtp: S 1599445130:1599445130(0) win 5840 <mss 1460,sackOK,timestamp 11662252 0,nop,wscale 5>
17:25:45.868748 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 190.85.37.92.39753 > myIP.smtp: S 1656762183:1656762183(0) win 5840 <mss 1460,sackOK,timestamp 2604329909 0,nop,wscale 7>
17:25:45.920087 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 187.35.85.107.54625 > myIP.smtp: S 1176030850:1176030850(0) win 5840 <mss 1460,sackOK,timestamp 284097485 0,nop,wscale 7>
17:25:46.342190 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 174.142.7.203.52911 > myIP.smtp: S 2198223489:2198223489(0) win 5840 <mss 1460,sackOK,timestamp 107704557 0,nop,wscale 2>
17:25:46.943041 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 81.89.109.53.50366 > myIP.smtp: S 350587823:350587823(0) win 5840 <mss 1460,sackOK,timestamp 2397487033 0,nop,wscale 4>
17:25:46.969541 00:04:80:e0:6b:00 > 00:25:90:0d:1e:68, ethertype IPv4 (0x0800), length 74: 203.110.203.71.35867 > myIP.smtp: S 3809754771:3809754771(0) win 8880 <mss 2960,sackOK,timestamp 3232387290 0,nop,wscale 0>

A lot of IPs connecting...
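To turn a capture like the one in this post into numbers (how many SYNs to port 25, from how many distinct sources, and the peak per second), the output can be parsed as below. This is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

# One line of `tcpdump -ne` output in the layout shown in the post:
# "HH:MM:SS.usec <mac> > <mac>, ... length N: SRC.port > DST.port: S ..."
# Ports may print as numbers or service names (the post has "dict-lookup").
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d)\.\d+ .* "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): (?P<flags>\S+)"
)

# Constructed sample capture using documentation addresses (not the post's data).
_ETH = "00:00:5e:00:53:01 > 00:00:5e:00:53:02, ethertype IPv4 (0x0800), length 74: "
SAMPLE = "\n".join([
    "listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes",
    "17:25:43.931077 " + _ETH + "192.0.2.10.dict-lookup > 203.0.113.5.smtp: S 1:1(0) win 65535 <mss 1460>",
    "17:25:44.326206 " + _ETH + "198.51.100.7.35398 > 203.0.113.5.smtp: S 2:2(0) win 5840 <mss 1448,sackOK>",
    "17:25:45.055212 " + _ETH + "198.51.100.8.33438 > 203.0.113.5.smtp: S 3:3(0) win 5840 <mss 1460,sackOK>",
    "17:25:45.868748 " + _ETH + "192.0.2.10.39753 > 203.0.113.5.smtp: S 4:4(0) win 5840 <mss 1460,sackOK>",
])


def parse_syns(text):
    """Return (hh:mm:ss, source_ip) for every SYN-flagged packet sent to SMTP."""
    hits = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m and m["dport"] in ("smtp", "25") and "S" in m["flags"]:
            hits.append((m["ts"], m["src"]))
    return hits


def summarize(text):
    """Count SYNs, distinct sources, busiest sources and the peak per second."""
    syns = parse_syns(text)
    per_source = Counter(src for _, src in syns)
    per_second = Counter(ts for ts, _ in syns)
    return {
        "syns": len(syns),
        "sources": len(per_source),
        "top_sources": per_source.most_common(3),
        "peak_per_second": max(per_second.values(), default=0),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Pass the text of a real capture to `summarize` in place of `SAMPLE`; a `sources` count close to the `syns` count, as in the capture posted above, means the connections are spread across many hosts rather than coming from one.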