[Dshield] unusual port 25 traffic

Jean-Pierre Schwickerath dshield at hilotec.net
Thu Jan 26 18:40:35 GMT 2006



> 
> We have scanned the boxes with AV, scanned with Nessus, we can seem to
> find them compromised.
> 
> Sniffer has been set up and we are waiting for another burst.  We
> cannot find a pattern to the traffic.  We can go a couple of
> days/hours/minutes before another burst.

Can you dump the traffic's payload to see whether it's really SMTP or
something else?



Jean-Pierre


-- 
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/
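
The check suggested above, sketched as an added example (not part of the original message): a heuristic that looks at the first lines of a reassembled port-25 payload and decides whether they follow SMTP's line grammar. The sample payloads, the hostnames and the 0.8 threshold are constructed assumptions.

```python
import re

# Command verbs from RFC 5321 plus the common STARTTLS/AUTH/BDAT extensions.
SMTP_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"VRFY",
              b"EXPN", b"HELP", b"NOOP", b"QUIT", b"STARTTLS", b"AUTH", b"BDAT"}
# A server reply line: three-digit code, then space or hyphen and free text.
REPLY_RE = re.compile(rb"^[2-5][0-9]{2}(?:[ -].*)?$")

# Constructed samples: an SMTP dialogue, an HTTP request, a TLS-style binary blob.
SMTP_SAMPLE = (b"220 mail.example.test ESMTP\r\nEHLO client.example.test\r\n"
               b"250-mail.example.test\r\n250 STARTTLS\r\n"
               b"MAIL FROM:<a@example.test>\r\nRCPT TO:<b@example.test>\r\n"
               b"DATA\r\n354 go ahead\r\n")
HTTP_SAMPLE = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
BINARY_SAMPLE = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"


def classify_line(line: bytes) -> str:
    """Label one CRLF-stripped line as 'reply', 'command' or 'other'."""
    if REPLY_RE.match(line):
        return "reply"
    verb = line.split(b" ", 1)[0].upper()
    return "command" if verb in SMTP_VERBS else "other"


def looks_like_smtp(payload: bytes, max_lines: int = 10) -> bool:
    """True when the start of a port-25 stream is mostly SMTP lines.

    Only the first lines are checked: after DATA the body is free-form
    text, and after STARTTLS the stream is encrypted.
    """
    if b"\r\n" not in payload:
        return False  # SMTP is CRLF-delimited; no CRLF means something else
    lines = [ln for ln in payload.split(b"\r\n")[:max_lines] if ln]
    if not lines:
        return False
    smtp_lines = sum(classify_line(ln) != "other" for ln in lines)
    return smtp_lines / len(lines) >= 0.8  # threshold is an assumption


if __name__ == "__main__":
    for name, data in [("smtp", SMTP_SAMPLE), ("http", HTTP_SAMPLE),
                       ("binary", BINARY_SAMPLE)]:
        print(name, looks_like_smtp(data))
```
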

