Intrusion Detection Systems mailing list archives

Re: connection request to port 25


From: carric () com2usa com (Carric Dooley)
Date: Mon, 12 Jun 2000 18:11:29 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

You are probably being used by spammers as an open relay... either
shut down sendmail, or get the bat book to learn how to secure your
box...

Carric Dooley
Network Security Consultant

"I have often regretted my speech, never my silence." 
- Xenocrates (396-314 B.C.)

----- Original Message -----
From: "SHAIFUL HASHIM" <s.hashim () usa net>
To: <ids () uow edu au>
Sent: Monday, June 12, 2000 5:08 AM
Subject: IDS: connection request to port 25

Hi all,

I believe one of the workstations in my university has been
compromised. I've monitored any connection from outside to the
machine using snort. What I've got are overwhelming connection
requests to port 25 with SYN bit set from multiple hosts.
Currently the mail has not been used much but the logs have shown
that the mail port is very active. Can you tell me what sort of
attack this might be and what is possibly going on?

Thanks
Shaiful
UKM


