RE: [Full-Disclosure] TCP port 25 traffic?

From: Josh Karp (josh.karp_at_visionael.com)
Date: 08/17/03

  • Next message: Ron DuFresne: "[Full-Disclosure] [Fwd: Edwards AFB shut down by W32Blaster] (fwd)"
    To: full-disclosure@lists.netsys.com
    Date: Sun, 17 Aug 2003 08:48:39 -0700
    
    

    Alright, sorry for the lack of info in my original post.
     
    I'm not running a mail server anywhere on my network. I don't have TCP 25
    open to anywhere.
     
    What I'm seeing lately is a huge increase in SMTP probes and I'm wondering
    if there's something new out in the wild for SMTP.
     
    Thanks again... josh
     
    -----Original Message-----
    From: Joel R. Helgeson [mailto:joel@helgeson.com]
    Sent: Saturday, August 16, 2003 10:15 PM
    To: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] TCP port 25 traffic?
     
    Yeah, I think it's called SPAM, not new though....
    Try connecting to your server via telnet on port 25 and see if you can get
    an interactive connection.
     
    type in the following commands:
    expn
    vrfy
     
    and see if they are accepted. If so, your server is open to possible
    attack.
     
    telnet://192.168.0.1:25 will open a telnet
    session to your server on port 25
     
    Joel R. Helgeson
    Director of Networking & Security Services
    SymetriQ Corporation
     
    "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
    be warm for the rest of his life."
    ----- Original Message -----
    From: Josh Karp <josh.karp@visionael.com>
    To: full-disclosure@lists.netsys.com
    Sent: Saturday, August 16, 2003 5:45 PM
    Subject: [Full-Disclosure] TCP port 25 traffic?
     
    I've seen an unusual amount of connection attempts to TCP port 25 on a
    particular system in my network as of the past 48 hours or so. It's only
    this one system, and it's multiple source IPs. Is there anything new for
    SMTP?
    Thanks for any info... josh

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
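
The manual telnet check for EXPN and VRFY suggested in the quoted reply, scripted as an added example (not code from either poster). The function names `classify`, `needs_attention` and `audit`, and the use of `postmaster` as the probe address, are assumptions made here; the reply codes are the standard ones from RFC 5321.

```python
"""Check whether an SMTP server you administer answers VRFY and EXPN."""
import smtplib
import sys


def classify(code):
    """Map an SMTP reply code for VRFY/EXPN to a verdict (RFC 5321 codes)."""
    if code in (250, 251):
        return "accepted"       # server confirmed or expanded the address
    if code == 252:
        return "noncommittal"   # "cannot VRFY user, but will accept message"
    if code in (500, 502, 504):
        return "refused"        # command unrecognized or not implemented
    if 550 <= code <= 553:
        return "per-address"    # treated here as: command ran, address rejected
    return "unknown"


def needs_attention(verdict):
    """True when the reply shows the command is live and answering about mailboxes."""
    return verdict in ("accepted", "per-address")


def audit(host, port=25, probe="postmaster", timeout=10):
    """Send VRFY and EXPN for one address; return {verb: (code, verdict, text)}."""
    results = {}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        for verb in ("VRFY", "EXPN"):
            code, text = smtp.docmd(verb, probe)
            results[verb] = (code, classify(code), text.decode(errors="replace"))
    return results


if __name__ == "__main__":
    # Usage: python smtp_vrfy_check.py <host>   (script name is hypothetical)
    for verb, (code, verdict, text) in audit(sys.argv[1]).items():
        flag = "REVIEW" if needs_attention(verdict) else "ok"
        print(f"{verb}: {code} {verdict} [{flag}] {text}")
```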

