Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Funny smtp helo in the logs

from [trains] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Funny smtp helo in the logs
Date: Sun, 30 Oct 2005 07:09:23 -0600 
Quoting Aditya Deshmukh <aditya.deshmukh@online.gateway.strangled.net>:

I have been seeing this in my logs over all the public smtp server, from
all over the net.

Anyone know what sends these kinds of helo ?

124 09/10/2005 09:54:35 HELO -1209283632  --->  250 my.smtp.domain.server
125 09/10/2005 09:55:27 HELO -1209747464  --->  250 my.smtp.domain.server


<snip>

02D 29/10/2005 20:39:12 HELO -1208865784  --->  250 my.smtp.domain.server
017 30/10/2005 11:21:26 HELO -1216191992  --->  250 my.smtp.domain.server

they look like ip addresses to me (1216191992 => 72.125.157.248 ). I checked a few and they weren't smpt listeners. I would go for the possibility that your mail server is being used as part of a reporting mechanism to notify the mother ship of vulnerable or infected IP addresses.

-------------------------------------------------
Email solutions, MS Exchange alternatives and extrication,
security services, systems integration.
Contact:    services@doctorunix.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] for IE researchers, found a link crashing IE, ad
Next by Date:  RE: [Full-disclosure] for IE researchers, found a link crashing IE, ad
Previous by Thread:  Re: [Full-disclosure] Funny smtp helo in the logs, Thierry Zoller
Next by Thread:  Re: [Full-disclosure] Funny smtp helo in the logs, Lexi
Indexes:  [Date] [Thread] [Top] [All Lists]