What's up with SMTP traffic?

Discussion in 'Computer Information' started by DeMoN LaG, Nov 4, 2003.

  1. DeMoN LaG

    DeMoN LaG Guest

    I've literally had over 1,500 attempts by about 5 different IP addresses in
    the past 24 hours that have been targeted to port 25. I am failing to
    understand why. There is an SMTP server on my network, but it has no
    access to the public, so the 1,500 attempts to connect are hitting a router
    that is just turning them down (and providing me with a /huge/ amount of
    data to send to some ISPs), but I just don't get why the traffic is there
    to begin with. Some new worm I don't know about that spreads by looking
    for SMTP servers or something?

    --
    AIM: FrznFoodClerk (actually me)
    email: [email protected]_cast.net (_ = m)
    website: under construction
    Need a technician in the south Jersey area?
    email/IM for rates/services
     
    DeMoN LaG, Nov 4, 2003
    #1

  2. DeMoN LaG

    derek / nul Guest

    One of the machines in the network 'may' have a virus that has given out the
    location of the SMTP server.

    Derek
     
    derek / nul, Nov 4, 2003
    #2

  3. DeMoN LaG

    Adam Steiner Guest

    I remember reading something about a new worm, something that starts with an
    M I think. I know I'm not being very informative, but it's 3am and I'm on
    my way to bed. It's one of these worms that does attempt SMTP connections.

    Out of curiosity, what program do you use to detect the attempts?


    --Adam
     
    Adam Steiner, Nov 4, 2003
    #3
  4. DeMoN LaG

    Night_Seer Guest

    Yes there's a new worm out there called Mimail.c. It comes as an
    attachment to an email and spreads that way. The one difference about
    this new worm is that it uses the zip format rather than an exe format,
    which might let it get through more email filters than it normally would
    have.
     
    Night_Seer, Nov 4, 2003
    #4
  5. DeMoN LaG

    DeMoN LaG Guest

    Nope. All machines run AVG6 with updated definitions, and nothing out
    there targets security exploits in Firebird and Eudora, which is all that
    is used. Was my first thought too.

     
    DeMoN LaG, Nov 4, 2003
    #5
  6. DeMoN LaG

    DeMoN LaG Guest

    I have a Linksys router, I set it to make logs and the logs are sent to one
    of my machines that runs Linksys's "LogView" program that shows the log.

     
    DeMoN LaG, Nov 4, 2003
    #6