Security Incidents mailing list archives
SMTP probes
From: Rich Puhek <rpuhek () etnsystems com>
Date: Fri, 04 Apr 2003 13:22:23 -0600
Has anyone else noticed an upswing in port 25 probes over the last few days?I'm seeing fairly large quantities of connections to port 25 (on the order of one every several seconds) with no real SMTP transations (logged by sendmail as "... did not issue MAIL/XPN/VRFY/ETRN during connection to MTA")
Perhaps somethings probing for servers vulnerable to the recent sendmail problems?
A quick look with ngrep seems to show that a typical connection doesn't send any data, just connects to port 25 and goes away.
--Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: rpuhek () etnsystems com _________________________________________________________ ---------------------------------------------------------------------------- Powerful Anti-Spam Management and More... SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.securityfocus.com/SurfControl-incidents
Current thread:
- SMTP probes Rich Puhek (Apr 04)
- Re: SMTP probes Bojan Zdrnja (Apr 05)
- Re: SMTP probes Christine Kronberg (Apr 07)
- <Possible follow-ups>
- Re: SMTP probes Neil Dickey (Apr 05)