SMTP probes

From: Rich Puhek (rpuhekat_private)
Date: Fri Apr 04 2003 - 11:22:23 PST


    Has anyone else noticed an upswing in port 25 probes over the last few days?
    
    I'm seeing fairly large quantities of connections to port 25 (on the 
    order of one every several seconds) with no real SMTP transactions 
    (logged by sendmail as "... did not issue MAIL/XPN/VRFY/ETRN during 
    connection to MTA")
    
    Perhaps something's probing for servers vulnerable to the recent sendmail 
    problems?
    
    A quick look with ngrep seems to show that a typical connection doesn't 
    send any data, just connects to port 25 and goes away.
    
    
    --Rich
    
    _________________________________________________________
    
    Rich Puhek
    ETN Systems Inc.
    2125 1st Ave East
    Hibbing MN 55746
    
    tel:   218.262.1130
    email: rpuhekat_private
    _________________________________________________________
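
One way to measure the pattern described in this message, as an added example that is not part of the original post: it pulls the "did not issue ... during connection to" entries out of sendmail syslog output and flags source addresses that open several such empty sessions within a short window. The log lines are constructed samples; the function names, the year, the threshold and the window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sendmail's syslog layout (documentation
# address ranges; hostnames and queue ids are made up).
SAMPLE_LOG = """\
Apr  4 11:02:01 mail sendmail[2101]: h34J21aa002101: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  4 11:02:07 mail sendmail[2102]: h34J27aa002102: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  4 11:02:09 mail sendmail[2103]: h34J29aa002103: from=<a@example.org>, size=812, class=0, nrcpts=1, relay=mx.example.org [198.51.100.7]
Apr  4 11:02:14 mail sendmail[2104]: h34J2Eaa002104: scan.example.net [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  4 11:02:20 mail sendmail[2105]: h34J2Kaa002105: [203.0.113.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr  4 11:40:00 mail sendmail[2190]: h34Je0aa002190: [203.0.113.5] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

# Syslog timestamp, optional reverse-DNS name, bracketed client address,
# then the message sendmail logs when a session ends without a command.
EMPTY_SESSION = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?sendmail\[\d+\]: \w+: "
    r"(?:\S+ )?\[(?P<ip>[0-9a-fA-F.:]+)\](?: \(may be forged\))? "
    r"did not issue \S+ during connection to"
)

def empty_sessions(log_text, year=2003):
    """Yield (datetime, source_ip) per session that issued no SMTP command.
    Syslog omits the year, so the caller supplies it (assumed here)."""
    for line in log_text.splitlines():
        m = EMPTY_SESSION.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def burst_sources(log_text, threshold=3, window=timedelta(minutes=1)):
    """Return {ip: peak count} for sources with >= threshold empty
    sessions inside any sliding window of the given length."""
    by_ip = defaultdict(list)
    for ts, ip in empty_sessions(log_text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(burst_sources(SAMPLE_LOG))
```

Counting per source separates one host reconnecting repeatedly from many hosts each connecting once, which matters when deciding whether the traffic is a sweep or a single misbehaving client.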
    
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 04 2003 - 16:38:43 PST