[Dshield] Persistent open relay scan...

Jens Knoell jens at ing.twinwave.net
Thu Jul 18 21:52:05 GMT 2002

Thanks for all the helpful replies :) I got rid of the files clogging up the

Now, the more on-topic question: Does it make sense to try and log such
things, and submit them to DShield?

The tricky part seems to be to detect these attempts, although I think it
might be possible to look out for certain patterns - as long as someone
knows what software these people use to scan mailservers, and if they have
any signatures for it. Snort does not seem to have any signatures for that
kind of thing, as far as I can see?


More information about the list mailing list