RE: SMTP Scans

From: Luc Somers (lucat_private)
Date: Tue Apr 22 2003 - 08:42:36 PDT

Next message: Justin Pryzby: "protocol watcher"

Previous message: noconflic: "Re: msamba"
Next in thread: paulat_private: "RE: SMTP Scans"
Next in thread: Hoof Hearted: "Re: SMTP Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It's been happening for over 2 years now on pandora.be, a belgian cable provider...
We are not allowed to run any server applications (ie. apache, mail, ftp...)

So they portscan every ip a few times a day, my logs are always cluttered.

Oh, did i forget to mention we are limited by amount of traffic a month,
and those portscans are happily eating 3megs a day. :(

Just had to add that.

Luc Somers



-----Original Message-----
From: Mally Mclane [mailto:mallyat_private]
Sent: Tuesday, April 22, 2003 4:40 PM
To: Rob Shein; 'Hoof Hearted'; incidentsat_private
Subject: RE: SMTP Scans


Hi,

--On Monday, April 21, 2003 6:50 PM -0400 Rob Shein <shotenat_private> 
wrote:

> For the last few months our ISP (BT) has apparently been scanning our
> mail  servers for open relays, this is happening up to
> 12 times a day across both Primary & Secondary mail servers.

I don't condone this, but this is fairly common practice amongst UK ISPs.

Regards,


Mally Mclane
RIPE NCC - Operations



----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------

Next message: Justin Pryzby: "protocol watcher"
Previous message: noconflic: "Re: msamba"
Next in thread: paulat_private: "RE: SMTP Scans"
Next in thread: Hoof Hearted: "Re: SMTP Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 07:13:50 PDT