Dear Administrator, We recieved a complaint about networkscan from IP 000.000.000.000. Please see the attached set of logs from the security software. It might be that your host has been taken over by intruders. Please disconnect this host IMMEDIATELY and investigate its security status. Otherwise please identify your customer operating from the above address at the time mentioned, and immediately terminate his hacking activities. Please prevent him from continuing this kind of activity in the future as well. This incident has been assigned the following number: DK*CERT#454546 For future reference, please include this number in the subject line of your e-mail. Best regards, DK*CERT Abuse Team, DK*CERT UNI*C, DTU, Centrifugevej, bygning 356 2800 Kgs. Lyngby Email: [email protected] Telefon: +45 3587 8887 Web: www.cert.dk If nothing else mentioned below, timezone is believed to be UTC+0100(CET) Destination address(es): Adresser i nettene 130.225.16.0/22 og 130.225.2.128/25 Security logs: #Nov 25 04:00:15 2009 .. Nov 25 04:39:57 2009 # Scan from 000.000.000.000 affecting at least # 64 addresses targeting TCP:1024, TCP:3072.
This is the log file. Can you help me to understand it and fix the problem ? have I consider the email previously received as a fake email? How have I protect my postfix server? http://ubuntuforums.org/showthread.php?t=990582 thanks
