Re: Alerts of the ICMP relationship with smtp connection?

From: Paulo (listassec_at_yahoo.com)
Date: 06/10/05

  • Next message: Burton Strauss: "RE: IP announce DOS"
    Date: Fri, 10 Jun 2005 05:44:44 -0700 (PDT)
    To: SecurityBasics SF <security-basics@securityfocus.com>
    
    

    Hi,

    I have new information about this case. The receiving
    mail server is Merak Mail Server Software 8.0.3.

    Does someone know this server? Does it make ICMP
    requests while receiving the e-mail?

    Thanks again.

    --- Paulo <listassec@yahoo.com> wrote:

    > Hi,
    >
    > I am using Snort Version 2.3.2 (Build 12).
    > I have these alerts in my Snort logs:
    >
    > 366 - ICMP Ping *nix
    > 384 - ICMP Ping
    > 368 - Ping BSDtype
    >
    > I investigated my other systems' logs, and the time
    > at which these alerts are recorded is the same as that of
    > the SMTP connections registered in the maillog file from
    > my Postfix server.
    >
    > The source IP address in Snort's log is equal to the
    > destination IP address of the SMTP connection in the
    > maillog.
    >
    > My SMTP server is Postfix version 1.1.3.
    >
    > Can these alerts be generated by my mail server when
    > it sends mail?
    >
    > Are these alerts false positives?
    >
    > Thanks for the help
    >


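The correlation described in the message above (ICMP ping alerts whose source address equals the relay address of an outbound SMTP delivery at about the same time) can be checked mechanically. This is an added example, not part of the original post: the log lines are constructed, and the Snort fast-alert layout, the syslog-style maillog layout, the `year` parameter (neither log carries a year) and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data using documentation IP ranges; not taken from the post.
SNORT_ALERTS = """\
06/10-05:44:44.512345  [**] [1:366:7] ICMP PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.25 -> 198.51.100.10
06/10-05:44:44.512345  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.25 -> 198.51.100.10
06/10-07:12:09.000101  [**] [1:368:6] ICMP PING BSDtype [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.77 -> 198.51.100.10
"""
MAILLOG = """\
Jun 10 05:44:43 mx1 postfix/smtp[2211]: 3F2A81C0D: to=<user@example.org>, relay=mail.example.org[192.0.2.25], delay=2, status=sent (250 OK)
Jun 10 06:30:00 mx1 postfix/smtp[2290]: 7B11C9E21: to=<bob@example.net>, relay=mx.example.net[192.0.2.99], delay=1, status=sent (250 OK)
"""

# Groups: timestamp, SID, source IP, destination IP (assumed fast-alert layout).
ALERT_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\] \[1:(\d+):\d+\] .*\{ICMP\} (\S+) -> (\S+)$")
# Groups: timestamp, queue ID, relay IP of an outbound delivery by postfix/smtp.
SMTP_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtp\[\d+\]: (\w+): .*relay=[^\[\s]+\[([\d.]+)\]")
PING_SIDS = {366, 384, 368}  # the three alert IDs listed in the post

def correlate(alerts, maillog, year=2005, window=timedelta(seconds=30)):
    """Split ping alerts into those matching an outbound delivery and the rest."""
    deliveries = []
    for line in maillog.splitlines():
        m = SMTP_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            deliveries.append((ts, m.group(2), m.group(3)))
    explained, unexplained = [], []
    for line in alerts.splitlines():
        m = ALERT_RE.match(line)
        if not m or int(m.group(2)) not in PING_SIDS:
            continue
        ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S")
        sid, src = int(m.group(2)), m.group(3)
        # Match: ping source is the relay we delivered to, within the time window.
        qid = next((q for t, q, ip in deliveries
                    if ip == src and abs(ts - t) <= window), None)
        (explained if qid else unexplained).append((sid, src, qid))
    return explained, unexplained

if __name__ == "__main__":
    matched, rest = correlate(SNORT_ALERTS, MAILLOG)
    print("coincide with outbound SMTP:", matched)
    print("no matching delivery:", rest)
```

A match only confirms the time and address coincidence; alerts left in the second list have no outbound delivery to account for them and deserve a separate look.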