New mail scanner?
From: Jeff Kell (jeff-kell_at_utc.edu)
Date: 08/09/03
- Previous message: morning_wood: "Re: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
- Next in thread: Jeff Kell: "Re: New mail scanner?"
- Maybe reply: Jeff Kell: "Re: New mail scanner?"
- Reply: James C. Slora Jr.: "Re: New mail scanner?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 09 Aug 2003 02:10:36 -0400 To: Incidents <incidents@securityfocus.com>
For the last couple of days we have been continually probed for SMTP
services from several addresses, but the unique part of the scanning is
that the source port is always zero. e.g.,
> Aug 9 00:25:24.502 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 171.75.197.194(0) -> xxx.xxx.xxx.68(25), 1 packet
> Aug 9 00:32:27.606 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 67.64.156.215(0) -> xxx.xxx.xxx.121(25), 1 packet
(Actual sources)
Anyone else seeing this? I don't have a honeypot to capture what they
are looking for, but it doesn't look encouraging.
Jeff
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: morning_wood: "Re: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
- Next in thread: Jeff Kell: "Re: New mail scanner?"
- Maybe reply: Jeff Kell: "Re: New mail scanner?"
- Reply: James C. Slora Jr.: "Re: New mail scanner?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
