What's up with SMTP traffic?

Discussion in 'Computer Information' started by DeMoN LaG, Nov 4, 2003.

  1. DeMoN LaG

    DeMoN LaG Guest

    I've literally had over 1,500 attempts by about 5 different IP addresses in
    the past 24 hours that have been targeted to port 25. I am failing to
    understand why. There is an SMTP server on my network, but it has no
    access to the public, so the 1,500 attempts to connect are hitting a router
    that is just turning them down (and providing me with a /huge/ amount of
    data to send to some ISPs), but I just don't get why the traffic is there
    to begin with. Some new worm I don't know about that spreads by looking
    for SMTP servers or something?

    --
    AIM: FrznFoodClerk (actually me)
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
    DeMoN LaG, Nov 4, 2003
    #1

  2. DeMoN LaG

    derek / nul Guest

    On Tue, 04 Nov 2003 06:36:42 -0000, DeMoN LaG <n@a> wrote:

    >I've literally had over 1,500 attempts by about 5 different IP addresses in
    >the past 24 hours that have been targeted to port 25. I am failing to
    >understand why. There is an SMTP server on my network, but it has no
    >access to the public, so the 1,500 attempts to connect are hitting a router
    >that is just turning them down (and providing me with a /huge/ amount of
    >data to send to some ISPs), but I just don't get why the traffic is there
    >to begin with. Some new worm I don't know about that spreads by looking
    >for SMTP servers or something?


    One of the machines in the network 'may' have a virus that has given out the
    location of the SMTP server.

    Derek
    derek / nul, Nov 4, 2003
    #2

  3. DeMoN LaG

    Adam Steiner Guest

    "DeMoN LaG" <n@a> wrote in message
    news:Xns942910794C161Wobbly@216.168.3.30...
    > I've literally had over 1,500 attempts by about 5 different IP addresses in
    > the past 24 hours that have been targeted to port 25. I am failing to
    > understand why. There is an SMTP server on my network, but it has no
    > access to the public, so the 1,500 attempts to connect are hitting a router
    > that is just turning them down (and providing me with a /huge/ amount of
    > data to send to some ISPs), but I just don't get why the traffic is there
    > to begin with. Some new worm I don't know about that spreads by looking
    > for SMTP servers or something?
    >

    I remember reading something about a new worm, something that starts with an
    M I think. I know I'm not being very informative, but it's 3am and I'm on
    my way to bed. It's one of these worms that does attempt SMTP connections.

    Out of curiosity, what program do you use to detect the attempts?


    --Adam
    Adam Steiner, Nov 4, 2003
    #3
  4. DeMoN LaG

    Night_Seer Guest

    Adam Steiner wrote:
    > "DeMoN LaG" <n@a> wrote in message
    > news:Xns942910794C161Wobbly@216.168.3.30...
    >> I've literally had over 1,500 attempts by about 5 different IP
    >> addresses in the past 24 hours that have been targeted to port 25.
    >> I am failing to understand why. There is an SMTP server on my
    >> network, but it has no access to the public, so the 1,500 attempts
    >> to connect are hitting a router that is just turning them down (and
    >> providing me with a /huge/ amount of data to send to some ISPs), but
    >> I just don't get why the traffic is there to begin with. Some new
    >> worm I don't know about that spreads by looking for SMTP servers or
    >> something?
    >>

    > I remember reading something about a new worm, something that starts
    > with an M I think. I know I'm not being very informative, but it's
    > 3am and I'm on my way to bed. It's one of these worms that does
    > attempt SMTP connections.
    >
    > Out of curiosity, what program do you use to detect the attempts?
    >
    >
    > --Adam


    Yes there's a new worm out there called Mimail.c. It comes as an
    attachment to an email and spreads that way. The one difference about
    this new worm is that it uses the zip format rather than an exe format,
    which might let it get through more email filters than it normally would
    have.

    --
    Night_Seer
    Night_Seer, Nov 4, 2003
    #4
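
The post above notes that an attachment delivered as a zip can get past filters that only look for exe attachments. The following is an added example, not part of the original thread, of a mail-filter check that also lists the members of zip attachments; the blocked-extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Extensions treated as executable; an assumed policy list, not from the thread.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")


def is_blocked(name):
    # Trailing dots/spaces are stripped so "a.exe." is judged as "a.exe".
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)


def risky_attachments(msg):
    """Return (attachment, member) pairs a filter should quarantine.

    member is None when the attachment itself is executable, and
    "<unreadable zip>" when a .zip cannot be parsed (fail closed).
    """
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):
            findings.append((name, None))
        # Sniff content as well as the name: a renamed archive is still a zip.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if is_blocked(member):
                            findings.append((name, member))
            except zipfile.BadZipFile:
                findings.append((name, "<unreadable zip>"))
    return findings


def build_sample(inner_name, inner_bytes=b"constructed placeholder bytes"):
    """Constructed test message: one zip attachment holding inner_name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_bytes)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photos.zip")
    return msg


if __name__ == "__main__":
    print(risky_attachments(build_sample("photos.jpg.exe")))
```

A filter that checks only the outer filename sees `photos.zip` and passes it; listing the archive members is what exposes the double-extension executable inside.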
  5. DeMoN LaG

    DeMoN LaG Guest

    derek / nul <> wrote in
    news:eek::

    > One of the machines in the network 'may' have a virus that has given
    > out the location of the SMTP server.
    >


    Nope. All machines run AVG6 with updated definitions, and nothing out
    there targets security exploits in Firebird and Eudora, which is all that
    is used. Was my first thought too.

    --
    AIM: FrznFoodClerk (actually me)
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
    DeMoN LaG, Nov 4, 2003
    #5
  6. DeMoN LaG

    DeMoN LaG Guest

    "Adam Steiner" <> wrote in
    news::

    > Out of curiosity, what program do you use to detect the attempts?
    >


    I have a Linksys router, I set it to make logs and the logs are sent to one
    of my machines that runs Linksys's "LogView" program that shows the log.

    --
    AIM: FrznFoodClerk (actually me)
    email: de_on-lag@co_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
    DeMoN LaG, Nov 4, 2003
    #6
