[Dshield] unusual port 25 traffic
dshield at hilotec.net
Thu Jan 26 18:40:35 GMT 2006
> We have scanned the boxes with AV, scanned with Nessus, we can seem to
> find them compromised.
> Sniffer has been set up and we are waiting for another burst. We
> cannot find a pattern to the traffic. We can go a couple of
> days/hours/minutes before another burst.
can you dump the traffic's payload to see whether it's really smtp or
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/
More information about the list