Security Incidents mailing list archives

Re: smtp probes

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 20 Aug 2001 22:54:55 +0200 (CEST)

On Mon, 20 Aug 2001, Eduardo Cruz wrote:

Has anyone noticed an increase of smtp scans?

From a few days ago im getting connections in port 25, and they dont look

for an open relay
they just connect and disconnect (like checking which smtp server is in
use), there is maybe a new un-official published exploit for sendmail o etc?


At least valinux and sourceforge setup a connect and will do some
verification before they accept email. It could be that this behaviour is
getting copied on other systems as well. I usually get some probes from
them after a message from me is accepted via a mailinglist from
securityfocus.

But it could be a more malicous probe. (Not that I happen to like their
approach.)

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

annoying ftp probes Emil Popov (Aug 20)
- smtp probes Eduardo Cruz (Aug 20)
  - Re: smtp probes Hugo van der Kooij (Aug 20)
    - Re: smtp probes Wichert Akkerman (Aug 20)
- Re: annoying ftp probes Jason Spence (Aug 20)
  - Re: annoying ftp probes Mike Eheler (Aug 20)
- Re: annoying ftp probes Joris De Donder (Aug 20)
- <Possible follow-ups>
- RE: annoying ftp probes Mark Villanova (Aug 20)
  - RE: annoying ftp probes Gregory McCann (Aug 20)
    - RE: annoying ftp probes Skeeve Stevens (Aug 27)
- RE: annoying ftp probes NESTING, DAVID M (SBCSI) (Aug 20)
- Re: annoying ftp probes Emil Popov (Aug 27)