Security Incidents mailing list archives

RE: SMTP Scans

From: "Luc Somers" <luc () salesint be>
Date: Tue, 22 Apr 2003 17:42:36 +0200

It's been happening for over 2 years now on pandora.be, a belgian cable provider...
We are not allowed to run any server applications (ie. apache, mail, ftp...)

So they portscan every ip a few times a day, my logs are always cluttered.

Oh, did i forget to mention we are limited by amount of traffic a month,
and those portscans are happily eating 3megs a day. :(

Just had to add that.

Luc Somers



-----Original Message-----
From: Mally Mclane [mailto:mally () ripe net]
Sent: Tuesday, April 22, 2003 4:40 PM
To: Rob Shein; 'Hoof Hearted'; incidents () securityfocus com
Subject: RE: SMTP Scans


Hi,

--On Monday, April 21, 2003 6:50 PM -0400 Rob Shein <shoten () starpower net> 
wrote:

For the last few months our ISP (BT) has apparently been scanning our
mail  servers for open relays, this is happening up to
12 times a day across both Primary & Secondary mail servers.


I don't condone this, but this is fairly common practice amongst UK ISPs.

Regards,


Mally Mclane
RIPE NCC - Operations



----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts.  The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches.  Deadline for the best rates is April 25.  Register today to
ensure your place. http://www.securityfocus.com/BlackHat-incidents
----------------------------------------------------------------------------

Current thread:

Re: SMTP Scans Hoof Hearted (Apr 21)
- RE: SMTP Scans Rob Shein (Apr 22)
  - RE: SMTP Scans Mally Mclane (Apr 22)
    - RE: SMTP Scans Jimi Thompson (Apr 24)
    - Re: SMTP Scans Kurt Seifried (Apr 25)
  - RE: SMTP Scans paul (Apr 28)
- <Possible follow-ups>
- RE: SMTP Scans Luc Somers (Apr 23)
- Re: SMTP Scans Hoof Hearted (Apr 28)
  - Re: SMTP Scans Chris Boyd (Apr 29)