pop3 exploit????

["leon" <leon () inyc com>]

Hi everyone,

I posted this to the incidents list already and no one seemed to know
anything about it so I am posting it here because maybe someone here has
a better "ear to the ground" so to speak.  Is there a new pop3 exploit
out?  I constantly get scanned for the usual services (21, 23, 80,
12345, 27374, etc, etc) and when I scan these systems back the only
thing they have in common (as far as running services) is 110 pop3.  Now
some of these ips are running a multitude of services and were probably
compromised by other means but some are solely running 110.  Does anyone
know anything about this?  I don't have any banners grabbed but I do
have a slew of ips.  Also, I don't really care because I am not running
any of the services that they are looking for so it is more of annoyance
then anything else but I am still curious if anyone has seen anything
like this.  I have no clue if these ips are static or dynamic.  This is
being written at 1:15 am EST on 10/14/2001.

If anyone wants to comment on list or off please feel free to do so.

Thanks,

Leon

172.150.153.238
213.245.47.41
216.220.104.180
213.112.62.68
24.29.125.76
212.184.148.179
157.130.52.209
4.24.9.58

PS: if you would like more ips please let me know there come in
constantly I just figured that was enough.