[unisog] Syn Probe on Port 25

Herb Commodore herb at oit.duke.edu
Fri Apr 18 13:42:08 GMT 2003


Lois Lehman <LOIS.LEHMAN at asu.edu> writes:

> We have seen syn probes targeted directed at port 25 on specific IP
> addresses lately.  Does anyone know  what this would indicate?  In other
> words, is it part of a known malicious code and/or what we should look for
> on the targeted computers?
>  

        Searching for mailservers, possibly to launch targetted
        attacks using recent sendmail vulnerabilities, or simply to
        see what machines might be able to be used as an open mail
        relay.

                                -- Herb

-- 
Herb Commodore		herb at oit.duke.edu	+1.919.660.6951
IT Security Office, OIT, Duke University
Box 90132, Durham NC 27708-0132 USA



More information about the unisog mailing list