Hi everyone, I posted this to the incidents list already and no one seemed to know anything about it so I am posting it here because maybe someone here has a better "ear to the ground" so to speak. Is there a new pop3 exploit out? I constantly get scanned for the usual services (21, 23, 80, 12345, 27374, etc, etc) and when I scan these systems back the only thing they have in common (as far as running services) is 110 pop3. Now some of these ips are running a multitude of services and were probably compromised by other means but some are solely running 110. Does anyone know anything about this? I don't have any banners grabbed but I do have a slew of ips. Also, I don't really care because I am not running any of the services that they are looking for so it is more of annoyance then anything else but I am still curious if anyone has seen anything like this. I have no clue if these ips are static or dynamic. This is being written at 1:15 am EST on 10/14/2001. If anyone wants to comment on list or off please feel free to do so. Thanks, Leon 172.150.153.238 213.245.47.41 216.220.104.180 213.112.62.68 24.29.125.76 212.184.148.179 157.130.52.209 4.24.9.58 PS: if you would like more ips please let me know there come in constantly I just figured that was enough.
This archive was generated by hypermail 2b30 : Sun Oct 14 2001 - 09:47:56 PDT