[Dshield] Weird SMTP access

Doug doug at dwhite.ws
Sun Nov 17 19:09:58 GMT 2002


No, you are not overreacting - many people, including me,
have blocked all of China.

================================
This address is filtered through the open relay database at
http://www.ordb.org
and is virus scanned by ANTIVIR
http://www.dwhite.ws
mailto:doug at dwhite.ws
================================
----- Original Message -----
From: "Johan Strand" <Johan.Strand at frontend.se>
To: <list at dshield.org>
Sent: Sunday, November 17, 2002 2:51 AM
Subject: [Dshield] Weird SMTP access


| Hi!
|
| I got a strange access-attempt in my SMTP-log today. My
| guess is an attempt to use it as a proxy. Is that correct?
| Does anyone know what to look for to see if it was
| successful? The below are the only lines in the log (MS
| Exchange).
|
| As usual this is from Chinanet... I'm seriously thinking
| of blocking them. Am I overreacting?
|
| Best,
| Johan
|
|
| 218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 34, 32, 500, 0, get, -, +http://www.yahoo.com/+HTTP/1.1,
| 218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 19, 32, 500, 0, host:, -, +www.yahoo.com,
| 218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 11, 32, 500, 0, accept:, -, +*/*,
| 218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 16, 32, 500, 0, pragma:, -, +no-cache,
| 218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 59, 32, 500, 0, user-agent:, -, +Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+98),
| 218.7.157.195, -, 11/17/2002, 6:34:38, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 1578, 0, 0, 0, 1609, QUIT, -, -,
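
An added example, not part of the original thread: one way to scan SMTP service log records like those quoted above for HTTP-style commands and see how the server answered each one. It assumes the records follow the Microsoft IIS log file field order and that a 5xx service status means the command was refused; the function names and the "rejected"/"review" labels are made up for this sketch.

```python
import csv

# Field order of the Microsoft IIS log file format (assumed for these records).
FIELDS = ["client_ip", "user", "date", "time", "service", "server",
          "server_ip", "time_taken", "bytes_in", "bytes_out",
          "status", "win32_status", "command", "target", "params"]

# HTTP request methods; HTTP header lines are recognised by a trailing colon.
HTTP_METHODS = {"get", "post", "head", "put", "connect", "options"}

def parse(lines):
    """Yield one dict per record, skipping lines with too few fields."""
    for row in csv.reader(lines, skipinitialspace=True):
        if len(row) >= len(FIELDS):
            yield dict(zip(FIELDS, (f.strip() for f in row)))

def looks_like_http(command):
    c = command.lower()
    return c in HTTP_METHODS or c.endswith(":")

def classify(lines, service_prefix="SMTPSVC"):
    """Map client IP -> 'rejected' or 'review' for HTTP-style commands sent to SMTP."""
    verdict = {}
    for rec in parse(lines):
        if not rec["service"].startswith(service_prefix):
            continue
        if not looks_like_http(rec["command"]):
            continue
        ip = rec["client_ip"]
        # Assumption: a 5xx service status means the server refused the command.
        # Any other status on an HTTP-style command is surfaced for manual review.
        if rec["status"].startswith("5"):
            verdict.setdefault(ip, "rejected")
        else:
            verdict[ip] = "review"
    return verdict

# The six records from the message above (server address masked as on the page).
SAMPLE = [
    "218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 34, 32, 500, 0, get, -, +http://www.yahoo.com/+HTTP/1.1,",
    "218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 19, 32, 500, 0, host:, -, +www.yahoo.com,",
    "218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 11, 32, 500, 0, accept:, -, +*/*,",
    "218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 16, 32, 500, 0, pragma:, -, +no-cache,",
    "218.7.157.195, -, 11/17/2002, 6:34:36, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 0, 59, 32, 500, 0, user-agent:, -, +Mozilla/4.0+(compatible;+MSIE+4.01;+Windows+98),",
    "218.7.157.195, -, 11/17/2002, 6:34:38, SMTPSVC1, CERBERUS, XXX.XXX.XXX.XXX, 1578, 0, 0, 0, 1609, QUIT, -, -,",
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Run against the quoted records, every HTTP-style command carries status 500, so the client is reported as rejected; the QUIT record is ignored because it is a normal SMTP command.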



