[Dshield] ~security.rr.com:25

walter woodrow oopicwow at yahoo.com
Sat Jun 21 01:20:20 GMT 2003


Has anyone seen this type of data in their IIS logs?

I checked the IP (http://www.dshield.org/ipinfo.php?ip=24.30.199.231) and it has a host name of customerscan.sec.rr.com.

 

Are they (Road Runner) checking for open telnet servers? I find the parameter used (~security.rr.com:25) interesting.

 

ClientHost,Username,LogTime,Service,Machine,ServerIP,ProcessingTime,BytesRecvd,BytesSent,ServiceStatus,ServiceStatusDesc,Win32Status,Operation,Target,Parameters

24.30.199.231,-,6/20/2003 18:56,W3SVC1,MYServer,x.x.x.x,0,39,4184,404,Not Found,123,GET,/,~security.rr.com:25

24.30.199.231,-,6/20/2003 18:55,W3SVC1,MYServer,x.x.x.x,15,39,4184,404,Not Found,123,GET,/,~security.rr.com:25

 

Any ideas?

 

Thanks,

Walter
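
One way to pull entries like the two above out of an IIS log in this column layout, as an added example that is not part of the original post: it groups by client the requests whose Parameters field is nothing but a host:port pair. The regex, the function name hostport_queries and the third sample row are assumptions made for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Column order copied from the header line in the post.
FIELDS = ("ClientHost,Username,LogTime,Service,Machine,ServerIP,ProcessingTime,"
          "BytesRecvd,BytesSent,ServiceStatus,ServiceStatusDesc,Win32Status,"
          "Operation,Target,Parameters").split(",")

# Constructed sample: the two records from the post plus one ordinary request
# (192.0.2.10 is a documentation address, not taken from the post).
SAMPLE = """\
24.30.199.231,-,6/20/2003 18:56,W3SVC1,MYServer,x.x.x.x,0,39,4184,404,Not Found,123,GET,/,~security.rr.com:25
24.30.199.231,-,6/20/2003 18:55,W3SVC1,MYServer,x.x.x.x,15,39,4184,404,Not Found,123,GET,/,~security.rr.com:25
192.0.2.10,-,6/20/2003 18:57,W3SVC1,MYServer,x.x.x.x,16,120,2048,200,OK,0,GET,/default.htm,-
"""

# Assumption: "host:port" means an optional leading "~", a dotted name,
# a colon and a port number, with nothing else in the field.
HOSTPORT = re.compile(r"^~?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+):(\d{1,5})$")

def hostport_queries(log_text):
    """Group records whose Parameters field is a bare host:port, by client."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                "targets": set()})
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != len(FIELDS) or row[0] == "ClientHost":
            continue  # skip blank lines, the header and malformed rows
        rec = dict(zip(FIELDS, row))
        m = HOSTPORT.match(rec["Parameters"].strip())
        if not m or not 0 < int(m.group(2)) <= 65535:
            continue
        when = datetime.strptime(rec["LogTime"].strip(), "%m/%d/%Y %H:%M")
        h = hits[rec["ClientHost"]]
        h["count"] += 1
        h["first"] = when if h["first"] is None else min(h["first"], when)
        h["last"] = when if h["last"] is None else max(h["last"], when)
        # Record the name, the port and the status the server answered with.
        h["targets"].add((m.group(1), int(m.group(2)), rec["ServiceStatus"]))
    return dict(hits)

if __name__ == "__main__":
    for client, h in hostport_queries(SAMPLE).items():
        print(client, h["count"], h["first"], h["last"], sorted(h["targets"]))
```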


