Re: New mail scanner?

From: James C. Slora Jr. (Jim.Slora_at_phra.com)
Date: 08/11/03

  • Next message: Bojan Zdrnja: "RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
    To: "Jeff Kell" <jeff-kell@utc.edu>, "Incidents" <incidents@securityfocus.com>
    Date: Sun, 10 Aug 2003 22:41:32 -0400
    
    

    Jeff Kell wrote

    > For the last couple of days we have been continually probed for SMTP
    > services from several addresses, but the unique part of the scanning is
    > that the source port is always zero.

    These are fairly common for me (a set every few weeks). It has just been
    spammers when I've looked. The source port 0 in my cases just appeared to be
    the sig of whatever tool they were using.

    Your probers each appear on at least one spam blocklist, which gives
    favorable odds that these are just more spammers.

    Host: 171.75.197.194 (171.75.197.194)
    dnsbl.njabl.org Listed:

    Host: 67.64.156.215 (67.64.156.215)
    block.blars.org Listed:

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Bojan Zdrnja: "RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."

    Relevant Pages

    • RE: Changing Source Port For Nmap Idle Scan
      ... allow you to change the source port. ... Run nmap with idlescan option like this: ... packets before postrouting processing takes place). ... This will apply as well when scanning selected ...
      (Pen-Test)
    • New mail scanner?
      ... For the last couple of days we have been continually probed for SMTP ... but the unique part of the scanning is ... that the source port is always zero. ... Jeff ...
      (Incidents)