Snort mailing list archives

SMTP relaying denied


From: "jamesh" <jamesh () cybermesa com>
Date: Wed, 5 Dec 2001 16:44:21 -0700

[**] [1:567:4] SMTP relaying denied [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
12/05-16:35:54.492244 198.59.109.2:25 -> 61.74.184.2:4053
TCP TTL:64 TOS:0x0 ID:39457 IpLen:20 DgmLen:123 DF
***AP*** Seq: 0x917E2A81  Ack: 0x8EDAE1C8  Win: 0x2238  TcpLen: 20
[Xref => http://www.whitehats.com/info/IDS249]


I have been flooded by relay requests for several days at the rate of 1
attempt/sec. Random IPs.
Just want to make sure I am reading this rule right. 198.59.109.2 is my mail
server. So in the alert above, 61.74.184.2 asked my mail server to relay mail
and my server returned a "relay denied" packet?

I am really good at seeing things backwards, just want to make sure it is
"them" trying "us" and not the other way around!



James Edwards
jamesh () cybermesa com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:
505-988-9200 or Toll Free: 888-988-2700
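
Added example, not part of the original post: a small parser for the alert format quoted above that uses the packet line (source -> destination of the packet that matched) to separate denials sent by your own mail server from denials a remote server sent to one of your hosts. It assumes the alert fires on the server's reply leaving port 25, as in the posted alert; `classify`, `parse_alerts` and the second and third sample alerts are constructed for illustration.

```python
import re
from collections import Counter

# "[**] [gid:sid:rev] message [**]" opens each alert in Snort's full alert format.
RULE_RE = re.compile(r"^\[\*\*\] \[\d+:(\d+):\d+\] .* \[\*\*\]$")
# "timestamp src_ip:src_port -> dst_ip:dst_port" describes the packet that matched.
PKT_RE = re.compile(r"^\S+ ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
SMTP_PORT = 25

# First alert is the one quoted in the post; the other two are constructed samples.
SAMPLE = """\
[**] [1:567:4] SMTP relaying denied [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
12/05-16:35:54.492244 198.59.109.2:25 -> 61.74.184.2:4053

[**] [1:567:4] SMTP relaying denied [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
12/05-16:35:55.501100 198.59.109.2:25 -> 192.0.2.77:1188

[**] [1:567:4] SMTP relaying denied [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
12/05-16:40:02.118300 203.0.113.10:25 -> 198.59.109.2:3301
"""

def parse_alerts(text):
    """Yield (sid, src_ip, src_port, dst_ip, dst_port) for each alert."""
    sid = None
    for line in text.splitlines():
        rule = RULE_RE.match(line.strip())
        if rule:
            sid = int(rule.group(1))
            continue
        pkt = PKT_RE.match(line.strip())
        if pkt and sid is not None:
            yield sid, pkt.group(1), int(pkt.group(2)), pkt.group(3), int(pkt.group(4))
            sid = None

def classify(text, my_servers, sid=567):
    """Split relay denials into those our servers sent and those our hosts received."""
    refused_by_us, refused_by_others = Counter(), Counter()
    for alert_sid, src, sport, dst, _dport in parse_alerts(text):
        if alert_sid != sid or sport != SMTP_PORT:
            continue  # only replies leaving port 25 identify the refusing server
        if src in my_servers:
            refused_by_us[dst] += 1      # remote client asked our server to relay
        else:
            refused_by_others[src] += 1  # a remote server refused one of our hosts
    return refused_by_us, refused_by_others

if __name__ == "__main__":
    print(classify(SAMPLE, {"198.59.109.2"}))
```
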


