[Dshield] Increase in SMTP Scans

Ed Truitt ed.truitt at etee2k.net
Fri Aug 23 18:42:34 GMT 2002


Oddly enough, several weeks ago I did - and LaBrea trapped 'em.  And, when I
tracked it down, the scans were coming from my ISP's web server!  So, I
called them up, and they said that due to the increase in the number of
"open relay on your network" complaints they had been getting recently, they
were going to start a proactive scan for machines running open relays
(mostly Exchange servers using the "default" setup).

Since one of the alternatives would have been to ban the running of *any*
server on their network, and since one of the reasons I use this ISP is
because they are so darned friendly toward us tinkerers (they let us run
servers on our home DSL networks, they let us have static IPs,...) I thanked
them and re-configured LaBrea and DShield to ignore Port 25 scans from that
host.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: "Glen Peake" <GlenP at etrade.com.au>
To: <list at dshield.org>
Sent: Thursday, August 22, 2002 8:42 PM
Subject: [Dshield] Increase in SMTP Scans


> Hi All,
>
> Just curious if other people have noticed an increase in SMTP (port 25)
> scans, as we've seen an increase in scanning of our entire subnet.
>
> Regards,
> Glen
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list