another stupid question.

From: Zep (zep_at_nemesis.mmind.net)
Date: 06/03/03

  • Next message: Nicholas Diotte: "Re: About default sharing folders in Windows"
    Date: Tue, 3 Jun 2003 12:03:41 -0400
    To: security-basics@securityfocus.com
    
    

    I've googled log entries like the ones below, looking for some
    mention of the exploit/what's being attempted (port 25, I'm
    guessing it's spam relay?) and how to make sure I'm not helping
    someone be an interdork. any info is greatly appreciated.

    63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:35 -0400] "CONNECT mx00.comcast.net:25 HTTP/1.0" 405 99
    63.211.23.62 - 63.211.23.62 - - - [02/Jun/2003:22:43:37 -0400] "POST http://63.211.23.62:25/ HTTP/1.1" 200 1188
    63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "CONNECT mailin-04.mx.aol.com:25 HTTP/1.0" 405 99
    63.211.23.38 - 63.211.23.38 - - - [03/Jun/2003:10:26:36 -0400] "POST http://63.211.23.38:25/ HTTP/1.1" 200 1188

            I'd be much less concerned if it weren't for the 200 codes on the
    'POST' commands. Thanks.

    -- 
                                                 - Zep
                                          (zep@nemesis.mmind.net)
    Friends may come and go, but enemies accumulate.
    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------
    

  • Next message: Nicholas Diotte: "Re: About default sharing folders in Windows"

    Relevant Pages

    • Re: Port Scanned by Microsoft
      ... Not exactly a port scan. ... I'm guessing Windows on your computer is trying to ... > NameServer: DNS1.CP.MSFT.NET ...
      (microsoft.public.security)
    • Re: FTP and SP2?
      ... I am guessing it could be an issue with the new Firewall in ... >SP2? ... I opened up port 21 but still the same problem. ...
      (microsoft.public.inetserver.iis)
    • Re: Computer Misuse Act
      ... >>and then access its Web site by guessing a URL. ... >publicly accessible web server. ... some of them definitely do speculative port 80 connects. ...
      (uk.legal)
    • Re: Looping error 5.3.5 we trying to send to domains we host.
      ... Can you paste back the results of an ehlo to your server on port 25 ... > Thanks for the explanation I am guessing that when I run this I replace ...
      (microsoft.public.exchange.admin)