Re: New mail scanner?

From: James C. Slora Jr. (Jim.Slora_at_phra.com)
Date: 08/11/03

Next message: Bojan Zdrnja: "RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."

Previous message: Jeff Kell: "Re: New mail scanner?"
In reply to: Jeff Kell: "New mail scanner?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Jeff Kell" <jeff-kell@utc.edu>, "Incidents" <incidents@securityfocus.com>
Date: Sun, 10 Aug 2003 22:41:32 -0400

Jeff Kell wrote

> For the last couple of days we have been continually probed for SMTP
> services from several addresses, but the unique part of the scanning is
> that the source port is always zero.

These are fairly common for me (a set every few weeks). It has just been
spammers when I've looked. The source port 0 in my cases just appeared to be
the sig of whatever tool they were using.

Your probers each appear on at least one spam blocklist, which gives
favorable odds that these are just more spammers.

Host: 171.75.197.194 (171.75.197.194)
dnsbl.njabl.org Listed:

Host: 67.64.156.215 (67.64.156.215)
block.blars.org Listed:

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Bojan Zdrnja: "RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."

Previous message: Jeff Kell: "Re: New mail scanner?"
In reply to: Jeff Kell: "New mail scanner?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Changing Source Port For Nmap Idle Scan
... allow you to change the source port. ... Run nmap with idlescan option like this: ... packets before postrouting processing takes place). ... This will apply as well when scanning selected ...
(Pen-Test)
New mail scanner?
... For the last couple of days we have been continually probed for SMTP ... but the unique part of the scanning is ... that the source port is always zero. ... Jeff ...
(Incidents)