New mail scanner?

From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 08/09/03

    Date: Sat, 09 Aug 2003 02:10:36 -0400
    To: Incidents <incidents@securityfocus.com>
    
    

    For the last couple of days we have been continually probed for SMTP
    services from several addresses, but the unique part of the scanning is
    that the source port is always zero. e.g.,

    > Aug 9 00:25:24.502 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 171.75.197.194(0) -> xxx.xxx.xxx.68(25), 1 packet
    > Aug 9 00:32:27.606 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 67.64.156.215(0) -> xxx.xxx.xxx.121(25), 1 packet

    (Actual sources)

    Anyone else seeing this? I don't have a honeypot to capture what they
    are looking for, but it doesn't look encouraging.

    Jeff

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
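Added example, not part of the original message: a parser for the `%SEC-6-IPACCESSLOGP` lines quoted above that groups entries with source port 0 to a given destination port by source address. The sample log lines are constructed (documentation addresses, destinations redacted as in the post), and the function name `zero_port_probes` is an assumption.

```python
import re

# Matches the Cisco IOS %SEC-6-IPACCESSLOGP format quoted in the message above.
# Destination octets may be redacted as "xxx", as they are in the post.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\dx.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample lines (documentation addresses, not the sources in the post).
SAMPLE = """\
Aug 9 00:25:24.502 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 192.0.2.10(0) -> xxx.xxx.xxx.68(25), 1 packet
Aug 9 00:26:01.110 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 198.51.100.7(41532) -> xxx.xxx.xxx.68(25), 1 packet
Aug 9 00:32:27.606 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 192.0.2.10(0) -> xxx.xxx.xxx.121(25), 2 packets
Aug 9 00:40:02.001 EDT: %SEC-6-IPACCESSLOGP: list ingress denied udp 203.0.113.5(0) -> xxx.xxx.xxx.12(53), 1 packet
Aug 9 00:41:00.000 EDT: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

def zero_port_probes(text, proto="tcp", dport=25):
    """Return {source: {"packets": n, "targets": [...]}} for ACL log entries
    with source port 0 that match the given protocol and destination port."""
    hits = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ACL port-logging line
        if m["proto"] != proto or int(m["dport"]) != dport:
            continue
        if int(m["sport"]) != 0:
            continue  # ordinary ephemeral source port
        entry = hits.setdefault(m["src"], {"packets": 0, "targets": set()})
        entry["packets"] += int(m["count"])
        entry["targets"].add(m["dst"])
    return {src: {"packets": e["packets"], "targets": sorted(e["targets"])}
            for src, e in hits.items()}

if __name__ == "__main__":
    for src, info in zero_port_probes(SAMPLE).items():
        print(src, info["packets"], "packet(s) to", ", ".join(info["targets"]))
```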

