RE: [Full-Disclosure] TCP port 25 traffic?

From: Josh Karp (josh.karp_at_visionael.com)
Date: 08/17/03

    To: full-disclosure@lists.netsys.com
    Date: Sun, 17 Aug 2003 08:48:39 -0700
    
    

    Alright, sorry for the lack of info in my original post.
     
    I'm not running a mail server anywhere on my network. I don't have TCP 25
    open to anywhere.
     
    What I'm seeing lately is a huge increase in SMTP probes and I'm wondering
    if there's something new out in the wild for SMTP.
     
    Thanks again... josh
     
    -----Original Message-----
    From: Joel R. Helgeson [mailto:joel@helgeson.com]
    Sent: Saturday, August 16, 2003 10:15 PM
    To: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] TCP port 25 traffic?
     
    Yeah, I think it's called SPAM, not new though....
    Try connecting to your server via telnet on port 25 and see if you can get
    an interactive connection.
     
    Type in the following commands:
    expn
    vrfy
     
    and see if they are accepted. If so, your server is open to possible
    attack.
     
    telnet://192.168.0.1:25 will open a telnet
    session to your server on port 25
     
    Joel R. Helgeson
    Director of Networking & Security Services
    SymetriQ Corporation
     
    "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll
    be warm for the rest of his life."
    ----- Original Message -----
    From: Josh Karp <josh.karp@visionael.com>
    To: full-disclosure@lists.netsys.com
    Sent: Saturday, August 16, 2003 5:45 PM
    Subject: [Full-Disclosure] TCP port 25 traffic?
     
    I've seen an unusual amount of connection attempts to TCP port 25 on a
    particular system in my network as of the past 48 hours or so. It's only
    this one system, and it's multiple source IPs. Is there anything new for
    SMTP?
    Thanks for any info... josh

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
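The VRFY/EXPN check suggested in the quoted reply, written as a script instead of a manual telnet session. This is an added example, not part of the original thread; the function names, the `postmaster` probe address and the sample replies are assumptions made for illustration, and the reply-code meanings follow RFC 5321.

```python
import smtplib

# SMTP reply codes as defined in RFC 5321; the labels are this example's own.
def classify(code):
    if code in (250, 251):
        return "answered"      # server confirmed or expanded the address
    if code == 252:
        return "noncommittal"  # command recognised, validity not disclosed
    if code in (500, 502):
        return "disabled"      # command unrecognised or not implemented
    if 500 <= code < 600:
        return "refused"       # other permanent failure (policy, unknown user)
    return "other"

def exposed(results):
    """Return the commands whose reply confirmed or expanded the address."""
    return sorted(cmd for cmd, (code, _msg) in results.items()
                  if classify(code) == "answered")

def probe(host, port=25, address="postmaster", timeout=10):
    """Send VRFY and EXPN to your own server; returns {cmd: (code, msg)}."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        return {"VRFY": smtp.verify(address), "EXPN": smtp.expn(address)}

# Constructed replies, shaped like probe() output, so the block runs offline.
OPEN_SAMPLE = {"VRFY": (250, b"postmaster <postmaster@mail.example.test>"),
               "EXPN": (250, b"admin <admin@mail.example.test>")}
HARDENED_SAMPLE = {"VRFY": (252, b"2.5.2 Cannot VRFY user"),
                   "EXPN": (502, b"5.5.1 EXPN command is disabled")}

if __name__ == "__main__":
    for name, sample in (("open", OPEN_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, "->", exposed(sample) or "nothing disclosed")
```

Passing the result of `probe("192.168.0.1")` to `exposed()` gives the same answer as the manual session: any command it lists should be disabled in the mail server's configuration.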

