Security Incidents mailing list archives
RE: SMTP Scans
From: "Luc Somers" <luc () salesint be>
Date: Tue, 22 Apr 2003 17:42:36 +0200
It's been happening for over 2 years now on pandora.be, a belgian cable provider... We are not allowed to run any server applications (ie. apache, mail, ftp...) So they portscan every ip a few times a day, my logs are always cluttered. Oh, did i forget to mention we are limited by amount of traffic a month, and those portscans are happily eating 3megs a day. :( Just had to add that. Luc Somers -----Original Message----- From: Mally Mclane [mailto:mally () ripe net] Sent: Tuesday, April 22, 2003 4:40 PM To: Rob Shein; 'Hoof Hearted'; incidents () securityfocus com Subject: RE: SMTP Scans Hi, --On Monday, April 21, 2003 6:50 PM -0400 Rob Shein <shoten () starpower net> wrote:
For the last few months our ISP (BT) has apparently been scanning our mail servers for open relays, this is happening up to 12 times a day across both Primary & Secondary mail servers.
I don't condone this, but this is fairly common practice amongst UK ISPs. Regards, Mally Mclane RIPE NCC - Operations ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ---------------------------------------------------------------------------- ---------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-incidents ----------------------------------------------------------------------------
Current thread:
- Re: SMTP Scans Hoof Hearted (Apr 21)
- RE: SMTP Scans Rob Shein (Apr 22)
- RE: SMTP Scans Mally Mclane (Apr 22)
- RE: SMTP Scans Jimi Thompson (Apr 24)
- Re: SMTP Scans Kurt Seifried (Apr 25)
- RE: SMTP Scans Mally Mclane (Apr 22)
- RE: SMTP Scans paul (Apr 28)
- RE: SMTP Scans Rob Shein (Apr 22)
- <Possible follow-ups>
- RE: SMTP Scans Luc Somers (Apr 23)
- Re: SMTP Scans Hoof Hearted (Apr 28)
- Re: SMTP Scans Chris Boyd (Apr 29)