[Dshield] Increase in port 25 traffic !
Andy.Hopkins at healthAlliance.co.nz
Tue Aug 19 03:21:43 GMT 2003
Sorry folks - missed one peice of info in the rush to get the question out
before another committment !!!
The hits I'm talking about are against a firewall which hasn't been used for
e-mail for a while, this is a clear increase in just the last 24hrs
Senior Unix & Firewall Administrator
(+64) (9) 486 8944
(+64) (25) 285 2139
The views and information expressed in this e-Mail are actually mine,
because my partner says so!
healthAlliance doesn't necessarily agree with me either
From: Jonathan Rickman [mailto:jonathan at xcorps.net]
Sent: Tuesday, 19 August 2003 12:53
To: General DShield Discussion List
Subject: Re: [Dshield] Increase in port 25 traffic !
On Monday 18 August 2003 19:55, Andy Hopkins wrote:
> Anyone seeing a significant in tcp/25 traffic as well as ICMP and tcp/80
Bear with me, I'm just thinking out loud...
Could the increase in port 25 probes be a result of the now patched systems
(discussed in another thread) no longer being available to spammers? Could
it be a recon scan in preparation for a scan for open relays? Maybe not,
but it's an idea. Are any mail server operators out there seeing an
increase in relay attempts to coincide with this?
X Corps Security
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list