Intrusion Detection Systems mailing list archives

Previous By Date Next
Previous By Thread Next

RE: connection request to port 25

From: tharris () ocair com (Harris, Tim)
Date: Mon, 19 Jun 2000 10:19:49 -0700

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Can you get any useful information by attempting your own connection to that
port?  For example a telnet to it?

-----Original Message-----
From: Joe Dauncey [mailto:toothbrushhead () yahoo com]
Sent: Sunday, June 18, 2000 10:02 AM
To: SHAIFUL HASHIM
Cc: ids () uow edu au
Subject: Re: IDS: connection request to port 25

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-
This sounds like an attempted SYN attack. Though I would have thought that
for it
to be successful the impact should be much more noticeable.

Joe

SHAIFUL HASHIM wrote:


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au


-

Hi all,

I believed one of the workstations in my university has been compromised.

I've

monitored any connection from outside to the machine using snort. What

I've

got are overwhelming connection request to port 25 with SYN bit set from
multiple of hosts. Currently the mail has not been used much but the log

have

shown that the mail port is very active. Can you tell me what sort of

attack

this might be and what is possibly going on?

Thanks
Shaiful
UKM

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1


__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: