For the last couple of days we have been continually probed for SMTP services from several addresses, but the unique part of the scanning is that the source port is always zero. e.g., > Aug 9 00:25:24.502 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 171.75.197.194(0) -> xxx.xxx.xxx.68(25), 1 packet > Aug 9 00:32:27.606 EDT: %SEC-6-IPACCESSLOGP: list ingress denied tcp 67.64.156.215(0) -> xxx.xxx.xxx.121(25), 1 packet (Actual sources) Anyone else seeing this? I don't have a honeypot to capture what they are looking for, but it doesn't look encouraging. Jeff --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Aug 10 2003 - 11:04:18 PDT