[unisog] Syn Probe on Port 25

Lois Lehman LOIS.LEHMAN at asu.edu
Fri Apr 18 18:13:20 GMT 2003


Herb, if they were just looking for a vulnerable system, why scan just one
machine out of 300+ in the same building repeatedly?  This makes me think it
is something else.  

Lois Lehman, GSEC, MBA
Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University
480-965-3139


-----Original Message-----
From: Herb Commodore [mailto:herb at oit.duke.edu] 
Sent: Friday, April 18, 2003 6:42 AM
To: Lois Lehman
Cc: 
Subject: Re: [unisog] Syn Probe on Port 25

Lois Lehman <LOIS.LEHMAN at asu.edu> writes:

> We have seen syn probes targeted directed at port 25 on specific IP
> addresses lately.  Does anyone know  what this would indicate?  In other
> words, is it part of a known malicious code and/or what we should look for
> on the targeted computers?
>  

        Searching for mailservers, possibly to launch targetted
        attacks using recent sendmail vulnerabilities, or simply to
        see what machines might be able to be used as an open mail
        relay.

                                -- Herb

-- 
Herb Commodore		herb at oit.duke.edu	+1.919.660.6951
IT Security Office, OIT, Duke University
Box 90132, Durham NC 27708-0132 USA


More information about the unisog mailing list