Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: SMTP Attacks?

from [Barry Dorrans] Network Security [Permanent Link]
Subject: Re: SMTP Attacks?
Date: Tue, 12 Apr 2005 15:00:51 +0100 
Has anyone seen this showing up in there SMTP server logs?




Apr 2005 04:55:55 -0500
Fri 2005-04-01 04:55:55: <-- POST / HTTP/1.0
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Host: combine.com:25
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Content-Length: 3384
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Content-Type: text/plain
Fri 2005-04-01 04:55:55: Too many errors encountered
Fri 2005-04-01 04:55:55: SMTP session terminated (Bytes in/out:
3473/178)


That's not an "attack", but a scan for an open http proxy running on your
SMTP port.

You could try contacting abuse@ the ISPs owning the IP scanning or just
put it down to the typical background noise on the internet these days and
quite happily ignore it. I run the same mail server as you do, and over
the last 2.5 years I've not had any adverse effects from a proxy scanner
hitting it.

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an 
Anti-Virus product which automatically notifies the perceived sender of a 
message it believes is infected may well cause more harm than good. Someone who 
did not actually send you a virus may receive the notification and scramble 
their support staff to find an infection which never existed in the first 
place. Suggest such notifications be disabled by whomever is responsible for 
your AV, or at least that the idea is considered.
--
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Updates incl in 2003 SP1, Craig Williams
Next by Date:  Administrivia: Sorry about the delayed mails, Russ
Previous by Thread:  SMTP Attacks?, Tim Mapes
Next by Thread:  Re: SMTP Attacks?, 3APA3A
Indexes:  [Date] [Thread] [Top] [All Lists]