[Dshield] Big Jump in Open Relay Mailers
brad.madison at mail.tds.net
Mon Feb 2 18:27:22 GMT 2004
At 10:16 AM 2/2/2004 -0500, you wrote:
>Anyone have an solid information here?
Have you tried making a telnet connection to port 25 on a few of those to
see what the banner says is the mailer? How is it you can tell they are
open relays? - the headers could lie. How are the IPs distributed by ISP,
by geographic location?
It could be as simple as a new spammer starting up or an old spammer going
back to open relays.
If true open relays are being targeted that makes open relay honeypots a
More information about the list