[unisog] Help on Possible Web Mail Attack
tlane at scu.edu.au
Thu Jun 16 06:40:50 GMT 2005
I have a query regarding a possible hack on our new Sun Web mail system. Is
anyone able to help with a query. We have just gone live for POP web mail
and have noticed one of our test web mail accounts appears to have been
compromised or hi-jacked, by multiple timeouts whereby another IP address
was reported as using the session.
Is the below log report just reflective of a seemingly innocuous web bot of
some type, or perhaps a hacker hiding behind Google range...???
[16/Jun/2005:10:11:01 +1000] boson httpd: General Warning: ipsecurity
- client 10.133.25.9 attempted to use session 6FmTS7qLDiU belonging to
The 64.233 address actually resolves back to Google........
We are running Sun Java Enterprise System 2.0 with UWC multiplexes deployed
at the front of the firewall talking back to the email back end behind the
Our main questions are:
Any other ideas, hints, suggestions or fixes etc etc would be very appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the unisog