Traffic from port 25 to high ports?

From: Matt Simonsen (matt_lists@careercast.com)
Date: 09/27/01

• Previous message: Andrew Mulholland: "RE: qmail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BB35240.6060603@careercast.com>
Date: Thu, 27 Sep 2001 09:22:24 -0700
From: Matt Simonsen <matt_lists@careercast.com>
To: security-basics@securityfocus.com
Subject: Traffic from port 25 to high ports?

I am seeing traffic regularly coming from remote servers' port 25
destined to our servers' high ports, generally in the 1-3k range. Is
this normal? I plan to block it all, from what I understand SMTP goes
only from 25 to 25, but if that's the case I can't figure out what this
would be.

According to our IPFilter logs the traffic generally has -AFP set,
please let me know off-line if a tidbit of info I could provide can help
you answer my question.

Thanks
Matt Simonsen

---

• Previous message: Andrew Mulholland: "RE: qmail"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2001-09