[Dshield] ~security.rr.com:25

Rick Klinge rick at famhost.com
Sat Jun 21 02:32:48 GMT 2003


no.. actually they are backscanning you because they recieved an email from
you.  fwiw.. port 25 is smtp.. port 23 is telnet..

i think they are try to figure out if residential customers are running
email servers or services other than the TOS states.  bussiness class vs
residential.

~Rick

----- Original Message ----- 
From: "walter woodrow" <oopicwow at yahoo.com>
To: <list at dshield.org>
Sent: Friday, June 20, 2003 8:20 PM
Subject: [Dshield] ~security.rr.com:25


>
> Has anyone seen this type of data in their IIS logs?
>
> I checked the IP (http://www.dshield.org/ipinfo.php?ip=24.30.199.231) and
it has a host name of customerscan.sec.rr.com.
>
>
>
> Are they (Road Runner) checking for open telnet servers? I find it an
interesting parameter used (~security.rr.com:25)
>
>
>
>
ClientHost,Username,LogTime,Service,Machine,ServerIP,ProcessingTime,BytesRec
vd,BytesSent,ServiceStatus,ServiceStatusDesc,Win32Status,Operation,Target,Pa
rameters
>
> 24.30.199.231,-,6/20/2003 18:56,W3SVC1,MYServer,x.x.x.x,0,39,4184,404,Not
Found,123,GET,/,~security.rr.com:25
>
> 24.30.199.231,-,6/20/2003 18:55,W3SVC1,MYServer,x.x.x.x,15,39,4184,404,Not
Found,123,GET,/,~security.rr.com:25
>
>
>
> Any Ideas?
>
>
>
> Thanks,
>
> Walter
>
>
>
> ---------------------------------
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
> ___________________________________________________________________
> Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
>
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.




More information about the list mailing list