From: Tom E. <te...@sh...> - 2002-08-22 15:10:14
On Thursday 22 August 2002 06:47 am, Magnus Stenman wrote:
> Probably spammers
>

I think this is something different. From "shorewall hits"

   HITS   PORT   SERVICE(S)
   ----   -----  ----------
    844      25  smtp
     75      80  http
     33      21  ftp
     19    1080  socks
     16     111  sunrpc
     13     500  isakmp
     13     137  netbios-ns
      9    8080  webcache
      8     445  microsoft-ds
      8    3128  squid
      8      22  ssh
      6      81
      6     139  netbios-ssn
      4   50388
      3      53  domain
      2   54086
      2   43053
      2   32768
      1    1551

I don't log MS Sql Server hits.

From my mail server log summary:

Relay access denied
      2  222.333.444.555
      1  666.777.888.999

So I got 844 connection attempts against the 4 IP addresses that don't have
SMTP servers yet I get only three relay attempts and no discernible increase
in the amount of SPAM on the one address that does run an SMTP server.

Steve Cowles has suggested that they may be looking to exploit the buffer
overrun in the DNS resolver library that is described in CERT advisory
CA-2002-19.

-Tom
--
Tom Eastep      \ Shorewall - iptables made easy
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ te...@sh...