[unisog] Syn Probe on Port 25

Lois Lehman LOIS.LEHMAN at asu.edu
Fri Apr 18 18:13:20 GMT 2003

Herb, if they were just looking for a vulnerable system, why scan just one
machine out of 300+ in the same building repeatedly?  This makes me think it
is something else.  

Lois Lehman, GSEC, MBA
Network Security Manager
Physical Sciences Computer Support Manager
College of Liberal Arts & Sciences
Arizona State University

-----Original Message-----
From: Herb Commodore [mailto:herb at oit.duke.edu] 
Sent: Friday, April 18, 2003 6:42 AM
To: Lois Lehman
Subject: Re: [unisog] Syn Probe on Port 25

Lois Lehman <LOIS.LEHMAN at asu.edu> writes:

> We have seen syn probes targeted directed at port 25 on specific IP
> addresses lately.  Does anyone know  what this would indicate?  In other
> words, is it part of a known malicious code and/or what we should look for
> on the targeted computers?

        Searching for mailservers, possibly to launch targeted
        attacks using recent sendmail vulnerabilities, or simply to
        see what machines might be able to be used as an open mail

                                -- Herb

Herb Commodore		herb at oit.duke.edu	+1.919.660.6951
IT Security Office, OIT, Duke University
Box 90132, Durham NC 27708-0132 USA
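
The distinction discussed in this thread (repeated SYNs aimed at one host versus a search across many hosts for mail servers) can be checked from packet logs. The following is an added example, not part of the original messages; it assumes tcpdump-style text output, and the function name, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines using documentation address ranges, not real traffic.
SAMPLE = """\
06:01:10.100000 IP 203.0.113.7.40112 > 192.0.2.25.25: Flags [S], seq 1, win 5840, length 0
06:07:42.300000 IP 203.0.113.7.40355 > 192.0.2.25.25: Flags [S], seq 2, win 5840, length 0
06:19:05.800000 IP 203.0.113.7.41002 > 192.0.2.25.25: Flags [S], seq 3, win 5840, length 0
06:33:51.200000 IP 203.0.113.7.41877 > 192.0.2.25.25: Flags [S], seq 4, win 5840, length 0
06:33:51.200400 IP 192.0.2.25.25 > 203.0.113.7.41877: Flags [S.], seq 9, ack 5, win 5792, length 0
07:00:00.010000 IP 198.51.100.9.5001 > 192.0.2.10.25: Flags [S], seq 1, win 1024, length 0
07:00:00.020000 IP 198.51.100.9.5002 > 192.0.2.11.25: Flags [S], seq 1, win 1024, length 0
07:00:00.030000 IP 198.51.100.9.5003 > 192.0.2.12.25: Flags [S], seq 1, win 1024, length 0
07:00:00.040000 IP 198.51.100.9.5004 > 192.0.2.13.25: Flags [S], seq 1, win 1024, length 0
08:15:00.000000 IP 198.51.100.50.3300 > 192.0.2.30.25: Flags [S], seq 1, win 8192, length 0
08:16:00.000000 IP 198.51.100.77.3301 > 192.0.2.30.80: Flags [S], seq 1, win 8192, length 0
"""

# Matches a pure SYN only; "[S.]" (SYN-ACK replies) does not match.
SYN_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\],"
)

def classify_smtp_probes(lines, min_repeats=3, sweep_hosts=4):
    """Group port-25 SYNs by source; thresholds are assumed values to tune per site."""
    per_src = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = SYN_RE.search(line)
        if m and m.group("dport") == "25":
            per_src[m.group("src")][m.group("dst")] += 1
    result = {}
    for src, dsts in per_src.items():
        if len(dsts) >= sweep_hosts:          # many hosts probed: mail-server search
            result[src] = ("sweep", sorted(dsts))
        elif max(dsts.values()) >= min_repeats:  # same host probed again and again
            hot = sorted(d for d, n in dsts.items() if n >= min_repeats)
            result[src] = ("targeted", hot)
        else:
            result[src] = ("noise", sorted(dsts))
    return result

if __name__ == "__main__":
    for src, (kind, hosts) in classify_smtp_probes(SAMPLE.splitlines()).items():
        print(f"{src:15} {kind:9} {', '.join(hosts)}")
```

A "targeted" result names the hosts worth inspecting first, for example to confirm whether an SMTP listener is actually running there and what it exposes.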
