[Dshield] Favor to ask the list.

Paul Marsh pmarsh at nmefdn.org
Wed Jun 29 16:16:12 GMT 2005


Sorry it took so long to get back to everyone on this.  I've been
noticing the IP in question scanning a customers IP on all high order
ports.  So I did an nmap -v -P0 for starters to see what was going on,
everything came back as open?  The IP belongs to godaddy.com's secure
mail server and yes the customer uses godaddy.  I called godaddy, they
said because the customer is using Outlook you'll see these scans as the
client checks for email.  I then asked why the IP was coming back as all
ports open and the rep had no idea but would let the upper support
people know.

Can someone enlighten me as to why the mail server is scanning?  Outlook
makes the connection sends or receives email and then drops the
connection.  Is it possible that they have some sort of honey pot on the
box also?  Enquiring minds want to know ;)

Thanx, Paul



More information about the list mailing list