OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: IDS: connection request to port 25
From: SHAIFUL HASHIM (s.hashimusa.net)
Date: Mon Jun 12 2000 - 06:16:49 CDT

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
Hi all,

I believed one of the workstations in my university has been compromised. I've
monitored any connection from outside to the machine using snort. What I've
got are overwhelming connection request to port 25 with SYN bit set from
multiple of hosts. Currently the mail has not been used much but the log have
shown that the mail port is very active. Can you tell me what sort of attack
this might be and what is possibly going on?

Thanks
Shaiful
UKM

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1