[Dshield] Weird SMTP access

Johan Strand Johan.Strand at frontend.se
Sun Nov 17 08:51:14 GMT 2002


Hi!

I got a strange access attempt in my SMTP log today. My guess is an attempt to use it as a proxy. Is that correct? Does anyone know what to look for to see if it was successful? The lines below are the only ones in the log (MS Exchange).

As usual this is from Chinanet... I'm seriously thinking of blocking them. Am I overreacting?

Best,
	Johan


218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 34, 32, 500, 0, get, -, +http://www.yahoo.com/+HTTP/1.1,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 19, 32, 500, 0, host:, -, +www.yahoo.com,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 11, 32, 500, 0, accept:, -, +*/*,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 16, 32, 500, 0, pragma:, -, +no-cache,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 59, 32, 500, 0, user-agent:, -, +Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+98),
218.7.157.195, -, 11/17/2002, 6:34:38, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 1578, 0, 0, 0, 1609, QUIT, -, -,
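
Added example, not part of the original post: a Python sketch that scans SMTPSVC log lines in this layout for HTTP methods or header names sent to the SMTP service, and reports whether any of them got a 2xx/3xx reply. The column positions (field 11 as the service status, field 13 as the command) are an assumption read off the lines above, and the verb lists and function names are illustrative.

```python
import csv
from collections import defaultdict

# Column indexes (0-based), assumed from the layout of the lines in the post:
# client IP, service status (the SMTP reply code), command sent by the client.
IP, STATUS, VERB = 0, 10, 12

SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT",
              "VRFY", "EXPN", "HELP", "AUTH", "STARTTLS", "BDAT", "TURN", "ETRN"}
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "CONNECT", "OPTIONS"}

# Log lines copied from the post (server IP already masked by the poster).
SAMPLE = """\
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 34, 32, 500, 0, get, -, +http://www.yahoo.com/+HTTP/1.1,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 19, 32, 500, 0, host:, -, +www.yahoo.com,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 11, 32, 500, 0, accept:, -, +*/*,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 16, 32, 500, 0, pragma:, -, +no-cache,
218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 59, 32, 500, 0, user-agent:, -, +Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+98),
218.7.157.195, -, 11/17/2002, 6:34:38, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 1578, 0, 0, 0, 1609, QUIT, -, -,
"""

def parse(text):
    """Yield stripped field lists for every line long enough to hold a command."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if len(row) > VERB:
            yield [field.strip() for field in row]

def http_on_smtp(text):
    """Per client IP: HTTP-looking commands seen, and those the server accepted."""
    report = defaultdict(lambda: {"http": [], "accepted": []})
    for row in parse(text):
        verb = row[VERB].upper()
        if verb in SMTP_VERBS:
            continue
        # HTTP request line (method) or a header name such as "host:".
        if verb in HTTP_METHODS or verb.endswith(":"):
            report[row[IP]]["http"].append(verb)
            # 5xx means rejected; a 2xx/3xx reply would need a closer look.
            if row[STATUS][:1] in ("2", "3"):
                report[row[IP]]["accepted"].append(verb)
    return dict(report)

if __name__ == "__main__":
    for ip, hits in http_on_smtp(SAMPLE).items():
        print(ip, "HTTP on SMTP:", hits["http"], "accepted:", hits["accepted"])
```

On the lines from the post, every HTTP-looking command carries status 500 and none is reported as accepted.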