[Dshield] Increase in port 25 traffic !

Andy Hopkins Andy.Hopkins at healthAlliance.co.nz
Tue Aug 19 03:21:43 GMT 2003


Sorry folks - missed one peice of info in the rush to get the question out
before another committment !!!

The hits I'm talking about are against a firewall which hasn't been used for
e-mail for a while, this is a clear increase in just the last 24hrs

thanks

------------------------------------------
Andy Hopkins
Senior Unix & Firewall Administrator
healthAlliance

(+64) (9) 486 8944
(+64) (25) 285 2139

Disclaimer:
The views and information expressed in this e-Mail are actually mine,
because my partner says so!
healthAlliance doesn't necessarily agree with me either



-----Original Message-----
From: Jonathan Rickman [mailto:jonathan at xcorps.net]
Sent: Tuesday, 19 August 2003 12:53
To: General DShield Discussion List
Subject: Re: [Dshield] Increase in port 25 traffic !


On Monday 18 August 2003 19:55, Andy Hopkins wrote:
> Anyone seeing a significant in tcp/25 traffic as well as ICMP and tcp/80
> ?

Bear with me, I'm just thinking out loud... 

Could the increase in port 25 probes be a result of the now patched systems 
(discussed in another thread) no longer being available to spammers? Could 
it be a recon scan in preparation for a scan for open relays? Maybe not, 
but it's an idea. Are any mail server operators out there seeing an 
increase in relay attempts to coincide with this?

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list