[server-admins] firewall question, incoming from mail.crosswire.org
Karl Kleinpaste
karl at kleinpaste.org
Sun Feb 18 12:44:41 MST 2018
On 02/18/2018 12:29 PM, DM Smith wrote:
> mail.crosswire.org <http://mail.crosswire.org> is an alias for
> www.crosswire.org <http://www.crosswire.org> and crosswire.org
> <http://crosswire.org>. It may have nothing to do with mail.
Oh, to be sure, I don't think the question is mail-related, and I knew
of the alias -vs- real name relationship. I'm just wondering what
crosswire.org thought it was doing by sending superlatively random
connection requests at oh-dark-thirty.
The fact that the host reached is the current ftp.xiphos.org is likely
complete coincidence, and of course my firewall log shows hundreds of
other attempted penetrations; but being unrelated would be all the more
of a concern since that would indicate that crosswire.org is literally
randomly poking at other hosts. Hence, wondering whether there has been
a compromise. It's running RHEL, which would be an unusual source of
that sort of compromise.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.crosswire.org/pipermail/server-admins/attachments/20180218/1573358a/attachment.html>
More information about the server-admins
mailing list