Re: A case of beer on 63.204.135.168

[John Sage <jsage () finchhaven com>]

On Fri, Feb 22, 2002 at 07:26:08PM -0500, dr.kaos wrote:
> On Friday 22 February 2002 07:04 pm, John Sage wrote:
>
> > I used to feel the same, back in November, maybe, but it's late
> > February 2002 and the incessant rain of Code Red/Nimda probes
> > continues unrelenting.

<snip>

> For instance, in Jeff's earlier post, he mentioned an open relay on port 25 
> of the host he scanned. Anyone want to bet that someone saw that in the post 
> and uses the IP specified as a spam relay? I'm betting there's a pretty good 
> chance. And that just means more spam for you and me to killfile.

Yeah.. you're right there.

Posting an IP is a little out there, but posting the fact that there
are specicific open ports is not appropriate.

I have no doubt whatsoever that crackers monitor these lists.

Let them figure out what ports are open; I mean, that's what they're
supposed to be good at, eh?


- John
-- 
Most people don't type their own logfiles;  but, what do I care?

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users