
Re: [Full-Disclosure] TCP port 25 traffic?



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>TCP port 25 traffic?</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Yeah, I think it's called SPAM, not new 
though....</FONT></DIV>
<DIV><FONT face=Arial size=2>Try connecting to your server via telnet on port 25 
and see if you can get an interactive connection.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>type in the following commands:</FONT></DIV>
<DIV><FONT face=Arial size=2>expn</FONT></DIV>
<DIV><FONT face=Arial size=2>vrfy</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>and see if they are accepted.&nbsp; If so, your 
server is open to possible attack.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV><FONT face=Arial size=2><A 
href="telnet://192.168.0.1:25">telnet://192.168.0.1:25</A>&nbsp;will open a 
telnet session to your server on port 25</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV>Joel R. Helgeson<BR>Director of Networking &amp; Security 
Services<BR>SymetriQ Corporation</DIV>
<DIV>&nbsp;</DIV>
<DIV>"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll 
be warm for the rest of his life." </DIV>
<BLOCKQUOTE dir=ltr 
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV 
  style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> 
  <A title=josh.karp@visionael.com href="mailto:josh.karp@visionael.com">Josh 
  Karp</A> </DIV>
  <DIV style="FONT: 10pt arial"><B>To:</B> <A 
  title=full-disclosure@lists.netsys.com 
  href="mailto:'full-disclosure@lists.netsys.com'">'full-disclosure@lists.netsys.com'</A> 
  </DIV>
  <DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, August 16, 2003 5:45 
  PM</DIV>
  <DIV style="FONT: 10pt arial"><B>Subject:</B> [Full-Disclosure] TCP port 25 
  traffic?</DIV>
  <DIV><BR></DIV>
  <P align=left><FONT face=Arial size=2>I've seen an unusual amount of connection 
  attempts to TCP port 25 on a particular system in my network as of the past 
  48 hours or so. It's only this one system, and it's multiple source IPs. Is 
  there anything new for SMTP? </FONT></P>
  <P align=left><FONT face=Arial size=2>Thanks for any info... josh</FONT> </P>
  <P align=left><A name=_MailAutoSig></A></P>
  <P align=left></P></BLOCKQUOTE></BODY></HTML>
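
The expn/vrfy check suggested in the reply above can be scripted for a mail server you administer; the following is an added example, not part of the original message. The function names and the grouping of reply codes (following the RFC 5321 meanings) are assumptions of this example, and the sample reply codes are constructed.

```python
import smtplib

def classify(code):
    """Map the SMTP reply code for a VRFY or EXPN query to an audit verdict."""
    if code in (250, 251):
        return "accepted"          # server confirmed the mailbox or list
    if code == 252:
        return "noncommittal"      # recognised, but reveals nothing
    if code in (500, 502, 504):
        return "disabled"          # not recognised or not implemented
    if code in (550, 551, 553):
        return "mailbox-rejected"  # ambiguous: policy block or unknown mailbox
    return "inconclusive"          # 4xx or anything else: retry later

def audit(replies):
    """replies maps command name to reply code; returns (verdicts, flagged)."""
    verdicts = {cmd: classify(code) for cmd, code in replies.items()}
    return verdicts, "accepted" in verdicts.values()

def probe(host, mailbox="postmaster", port=25, timeout=10):
    """Collect the VRFY and EXPN reply codes from a server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()  # greet first; verify()/expn() do not
        return {"VRFY": smtp.verify(mailbox)[0], "EXPN": smtp.expn(mailbox)[0]}

# Constructed reply codes, so the logic runs without a network connection.
SAMPLE_ANSWERING = {"VRFY": 250, "EXPN": 250}
SAMPLE_HARDENED = {"VRFY": 252, "EXPN": 502}
SAMPLE_AMBIGUOUS = {"VRFY": 550, "EXPN": 451}

if __name__ == "__main__":
    for name, sample in (("answering", SAMPLE_ANSWERING),
                         ("hardened", SAMPLE_HARDENED),
                         ("ambiguous", SAMPLE_AMBIGUOUS)):
        print(name, audit(sample))
    # Live check against your own server, e.g. the address used in the message:
    # print(audit(probe("192.168.0.1")))
```

A "mailbox-rejected" verdict needs a second run with a mailbox known to exist, because a 550 can mean either that the command is blocked by policy or that the server processed it and did not find the name.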