Re: SMTP Attacks?
From: Barry Dorrans (barryd IDUNNO.ORG)
Date: Tue Apr 12 2005 - 09:00:51 CDT
> Has anyone seen this showing up in their SMTP server logs?
>
> Apr 2005 04:55:55 -0500
> Fri 2005-04-01 04:55:55: <-- POST / HTTP/1.0
> Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
> Fri 2005-04-01 04:55:55: <-- Host: combine.com:25
> Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
> Fri 2005-04-01 04:55:55: <-- Content-Length: 3384
> Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
> Fri 2005-04-01 04:55:55: <-- Content-Type: text/plain
> Fri 2005-04-01 04:55:55: Too many errors encountered
> Fri 2005-04-01 04:55:55: SMTP session terminated (Bytes in/out: 3473/178)
That's not an "attack", but a scan for an open http proxy running on your
SMTP port.
You could try contacting abuse@ the ISPs owning the IP scanning or just
put it down to the typical background noise on the internet these days and
quite happily ignore it. I run the same mail server as you do, and over
the last 2.5 years I've not had any adverse effects from a proxy scanner
hitting it.
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--
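
A way to pick such proxy probes out of the mail log automatically, as an added example that is not part of the original posts: it flags SMTP sessions in which the client sent an HTTP request line and reports the Host header the scanner asked for. The function names are hypothetical, the second sample session is constructed, and sessions are assumed not to be interleaved in the log.

```python
import re

# Log format as quoted in the thread: "<--" is the client, "-->" is the server.
LINE = re.compile(r"^(\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
REQUEST = re.compile(r"^(GET|POST|HEAD|PUT|CONNECT|OPTIONS) (\S+) HTTP/\d\.\d$")
HEADER = re.compile(r"^([A-Za-z][A-Za-z-]*):\s*(.*)$")

# First session is the one quoted in the thread; the second is constructed.
SAMPLE_LOG = """\
Fri 2005-04-01 04:55:55: <-- POST / HTTP/1.0
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Host: combine.com:25
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Content-Length: 3384
Fri 2005-04-01 04:55:55: --> 500 What? I don't understand that.
Fri 2005-04-01 04:55:55: <-- Content-Type: text/plain
Fri 2005-04-01 04:55:55: Too many errors encountered
Fri 2005-04-01 04:55:55: SMTP session terminated (Bytes in/out: 3473/178)
Fri 2005-04-01 05:10:02: <-- EHLO mail.example.net
Fri 2005-04-01 05:10:02: --> 250 OK
Fri 2005-04-01 05:10:03: <-- QUIT
Fri 2005-04-01 05:10:03: SMTP session terminated (Bytes in/out: 30/60)
"""

def classify(session):
    """Return a summary dict if the client spoke HTTP in this session, else None."""
    client = [(ts, body[4:]) for ts, body in session if body.startswith("<-- ")]
    hits = [(ts, r) for ts, r in ((ts, REQUEST.match(l)) for ts, l in client) if r]
    if not hits:
        return None
    ts, req = hits[0]
    headers = {h[1].lower(): h[2] for h in (HEADER.match(l) for _, l in client) if h}
    rejected = sum(1 for _, body in session if body.startswith("--> 500"))
    return {"time": ts, "method": req[1], "target": req[2],
            "host": headers.get("host"), "rejected": rejected}

def find_http_probes(log_text):
    """Group lines into sessions, closing each at the termination line."""
    probes, session = [], []
    for m in filter(None, (LINE.match(r.strip()) for r in log_text.splitlines())):
        session.append((m[1], m[2]))
        if m[2].startswith("SMTP session terminated"):
            probes += [p for p in [classify(session)] if p]
            session = []
    # A trailing session with no termination line is still checked.
    return probes + [p for p in [classify(session)] if p]

if __name__ == "__main__":
    for probe in find_http_probes(SAMPLE_LOG):
        print(probe)
```
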