On Sun, 12 Mar 2006, J.A. Terranson wrote:

A reply to a posting by affliction.org. When my MTA tried to pass it to the original poster, it was beaten down by a blacklist (SORBS). Sorry dude, but you've apparently got, or had, bot!

    Address and Port: 64.7.134.90
    Record Created: Sat Sep 10 08:29:56 2005 GMT
    Record Updated: Sun Jan 8 09:54:01 2006 GMT
    Additional Information: Likely Trojaned Machine, host running Korgo trojan
    Currently active and flagged to be published in DNS

    If you wish to request a delisting please do so through the Support System.

Let's see what it looks like today:

    mx1# nmap 64.7.134.90

    Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2006-03-12 18:57 CST
    Interesting ports on asylum.afflictions.org (64.7.134.90):
    (The 1652 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    53/tcp   open  domain
    80/tcp   open  http
    110/tcp  open  pop3
    143/tcp  open  imap
    443/tcp  open  https
    993/tcp  open  imaps
    995/tcp  open  pop3s
    5800/tcp open  vnc-http
    5900/tcp open  vnc

    Nmap run completed -- 1 IP address (1 host up) scanned in 77.327 seconds
    mx1#

Well, you've got 993 and 995 open, so 110 and 143 should probably go away. Then, you've got VNC open to the world: ARE YOU NUTS? Your DNS is not recursing, and that's OK, although I question your need to run one.

Basically, you look OK, except that the world still believes you Got Bot. You may wanna give SORBS a heads-up that you fixed it.

Sorry about the public posting, but it's the only way to get it to you.

--
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF

'The right of self defence is the first law of nature: in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and the right of the people to keep and bear arms is, under any colour or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction.'

St. George Tucker
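The scan review described in the message above, as an added example that is not part of the original post: it parses an nmap port table and flags cleartext mail ports that sit beside their TLS counterparts, plus exposed VNC ports. The rule tables and the function names `open_ports` and `review` are assumptions made for this example.

```python
import re

# Constructed sample input: the port table from the nmap run quoted in the post.
SAMPLE_SCAN = """\
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
993/tcp  open  imaps
995/tcp  open  pop3s
5800/tcp open  vnc-http
5900/tcp open  vnc
"""

# Assumed policy for this example: cleartext mail port -> TLS-wrapped counterpart.
CLEARTEXT_TO_TLS = {110: 995, 143: 993}
# Assumed policy: VNC and its HTTP viewer should not face the Internet.
REMOTE_DESKTOP = {5800, 5900}
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(scan_text):
    """Return {port: service} for every line nmap reports as exactly 'open'."""
    ports = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports[int(m.group(1))] = m.group(4)
    return ports

def review(scan_text):
    """Return a sorted list of (port, finding) tuples for the scanned host."""
    ports = open_ports(scan_text)
    findings = []
    for clear, tls in CLEARTEXT_TO_TLS.items():
        if clear in ports and tls in ports:
            findings.append((clear, f"{ports[clear]} is cleartext; {ports[tls]} on {tls} already covers it"))
    for p in sorted(REMOTE_DESKTOP & ports.keys()):
        findings.append((p, f"{ports[p]} is reachable from the scanning host; restrict access"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in review(SAMPLE_SCAN):
        print(f"{port}/tcp: {finding}")
```

A cleartext port is only flagged when its TLS counterpart is also open, which matches the reasoning in the message: the encrypted service is already there, so the plaintext one can be closed.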