[unisog] Super-hidden spamming exploits?

Dave Ellingsberg dave.ellingsberg at csu.mnscu.edu
Mon Oct 20 19:22:48 GMT 2003

I have just about finished this thread.  Most of the latest worms have
had their own SMTP engines.  Reading security lists, most have some
reference to spammers scanning for infected systems and then using them.
I suspect this is what most of you are seeing.  Only allow known hosts
to send mail from your campuses on port 25.


>>> Mike Iglesias <iglesias at draco.acs.uci.edu> 10/6/2003 1:06:29 PM
> Exactly! Is this new or are the spammers just getting around to us?
> first saw this early last week. If this is a new trend, how are
> people handling this. We are implementing a few ideas, but we can't
> think of anything approaching a REAL solution, other than shutting
> SMTP, which isn't really an option, is it?

We've had plenty of systems turned into spam relays with their own
smtp engine, but I think the use of the smtp server configured on
the system is something we have not seen before this school year.

It's probably an attempt to get around port blocks that prevent the
systems from making outgoing smtp requests.

Mike Iglesias                          Email:       iglesias at draco.acs.uci.edu
University of California, Irvine       phone:       949-824-6926
Network & Academic Computing Services  FAX:         949-824-2069
