Intrusion Detection Systems mailing list archives

connection request to port 25

From: s.hashim () usa net (SHAIFUL HASHIM)
Date: Mon Jun 12 06:16:49 2000


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Hi all,

I believed one of the workstations in my university has been compromised. I've
monitored any connection from outside to the machine using snort. What I've
got are overwhelming connection request to port 25 with SYN bit set from
multiple of hosts. Currently the mail has not been used much but the log have
shown that the mail port is very active. Can you tell me what sort of attack
this might be and what is possibly going on?

Thanks
Shaiful
UKM

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1

Current thread:

IDS engines put this together Lance Spitzner (Jun 11)
- RE: IDS engines put this together Bill Royds (Jun 11)
- connection request to port 25 SHAIFUL HASHIM (Jun 12)
  - Re: connection request to port 25 Carric Dooley (Jun 12)
  - Does anyone know if there is a firewall in the market that does not filter out ip packets with source route option filled in. Akshay Kumar Sreeramoju (Jun 12)
  - Re: connection request to port 25 Joe Dauncey (Jun 18)
- Re: IDS engines put this together Greg Shipley (Jun 12)
- port 25 Tim Slighter (Jun 12)
- Re: IDS engines put this together Martin Roesch (Jun 12)
- <Possible follow-ups>
- Re: IDS engines put this together Marcus J. Ranum (Jun 12)
- Re: IDS engines put this together Marcus J. Ranum (Jun 12)
- Re: IDS engines put this together Martin Roesch (Jun 13)
- Re: IDS engines put this together Mark.Teicher () predictive com (Jun 13)

(Thread continues...)