D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Question for your web servers firewall logs



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 10 February 2003 2:56 pm, Simon Waters wrote:
> Anyone with access to logs on a big web server with lots of
> zones with A records for the domain, and MX records pointing
> elsewhere.

i've just stuck a rule on for port 25 of one of our domains A records on all 
of our ingres firewalls, which will count the connection attempts.  If you 
remind me in 24 hours, i'll give you the results (i'll forget otherwise, for 
sure) ;)

> Can tell me what proportion of SYN requests to port 25 look like
> they might be genuine if misguided attempts to send e-mail. Or
> just send me the IP addresses (assuming it is less than a
> megabyte or so) and I'll do some analysis.
>
> Better still if you know how many mail messages were sent to the
> MX servers in the same period...

I can't give you an exact count offhand, though it's around 17,000 messages in 
a normal day (that was last months average, iirc).

>  Simon, losing genuine e-mail and not worried about it -- hehe
> that is on my list of "signs and symptoms of inner peace" (well
> not the e-mail bit), all I need now are the "frequent attacks of
> smiling" and I'll have achieved enlightenment ;-)

hehe =) next, you'll be drinking green tea...

 ~ Theo

- -- 
Theo Zourzouvillys
<theo@xxxxxxxxxxxxxxxx>
<http://theo.me.uk/>




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+R9Xm448CrwpTn6YRApaGAKD2CZR3SVntsuoqstUEobwnmw9qbACaAiPu
JUUTvOfVFNIlukPk3fx4AFw=
=rEn9
-----END PGP SIGNATURE-----


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly