[unisog] Syn Probe on Port 25

Herb Commodore herb at oit.duke.edu
Fri Apr 18 13:42:08 GMT 2003

Lois Lehman <LOIS.LEHMAN at asu.edu> writes:

> We have seen syn probes targeted directed at port 25 on specific IP
> addresses lately.  Does anyone know  what this would indicate?  In other
> words, is it part of a known malicious code and/or what we should look for
> on the targeted computers?

        Searching for mailservers, possibly to launch targetted
        attacks using recent sendmail vulnerabilities, or simply to
        see what machines might be able to be used as an open mail

                                -- Herb

Herb Commodore		herb at oit.duke.edu	+1.919.660.6951
IT Security Office, OIT, Duke University
Box 90132, Durham NC 27708-0132 USA

More information about the unisog mailing list