SMTP probes

[Rich Puhek <rpuhek () etnsystems com>]

Has anyone else noticed an upswing in port 25 probes over the last few days?

I'm seeing fairly large quantities of connections to port 25 (on the 
order of one every several seconds) with no real SMTP transations 
(logged by sendmail as "... did not issue MAIL/XPN/VRFY/ETRN during 
connection to MTA")

Perhaps somethings probing for servers vulnerable to the recent sendmail 
problems?

A quick look with ngrep seems to show that a typical connection doesn't 
send any data, just connects to port 25 and goes away.


--Rich

_________________________________________________________

Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746

tel:   218.262.1130
email: rpuhek () etnsystems com
_________________________________________________________


----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents