
RE: [Full-Disclosure] TCP port 25 traffic?



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<title>TCP port 25 traffic?</title>
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;
	mso-font-charset:0;
	mso-generic-font-family:swiss;
	mso-font-pitch:variable;
	mso-font-signature:1627421319 -2147483648 8 0 66047 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
p
	{mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	mso-pagination:widow-orphan;
	font-size:12.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	mso-style-noshow:yes;
	mso-ansi-font-size:10.0pt;
	mso-bidi-font-size:10.0pt;
	font-family:Arial;
	mso-ascii-font-family:Arial;
	mso-hansi-font-family:Arial;
	mso-bidi-font-family:Arial;
	color:navy;}
span.GramE
	{mso-style-name:"";
	mso-gram-e:yes;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
-->
</style>
</head>

<body bgcolor=white lang=EN-US link=blue vlink=blue style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal><span class=GramE><font size=2 color=navy face=Arial><span
style='font-size:10.0pt;font-family:Arial;color:navy'>Alright, sorry for the
lack of info in my original post.</span></font></span><font size=2 color=navy
face=Arial><span style='font-size:10.0pt;font-family:Arial;color:navy'> <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I'm not running a mail server
anywhere on my network. I don't have TCP 25 open to anywhere. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>What I'm seeing lately is a huge
increase in SMTP probes and I'm wondering if there's something new
out in the wild for SMTP. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks again... josh<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> Joel R. Helgeson
[mailto:joel@helgeson.com] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Saturday, August 16, 2003
10:15 PM<br>
<b><span style='font-weight:bold'>To:</span></b>
full-disclosure@lists.netsys.com<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [Full-Disclosure] TCP
port 25 traffic?</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Yeah, I think it's called SPAM, not
new though....</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Try connecting to your server via
telnet on port 25 and see if you can get an interactive connection.</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Type in the following commands:</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>expn</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>vrfy</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>and see if they are accepted.&nbsp;
If so, your server is open to possible attack.</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'><a href="telnet://192.168.0.1:25">telnet://192.168.0.1:25</a>&nbsp;will
open a telnet session to your server on port 25</span></font><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>Joel R. Helgeson<br>
Director of Networking &amp; Security Services<br>
SymetriQ Corporation<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&quot;Give a man fire, and he'll be warm for a day;
set a man on fire, and he'll be warm for the rest of his life.&quot; <o:p></o:p></span></font></p>

</div>

<blockquote style='border:none;border-left:solid black 1.5pt;padding:0in 0in 0in 3.0pt;
margin-left:3.0pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>----- Original Message ----- <o:p></o:p></span></font></p>

</div>

<div style='font-color:black'>

<p class=MsoNormal style='margin-left:.5in;background:#E4E4E4'><b><font size=2
face=Arial><span style='font-size:10.0pt;font-family:Arial;font-weight:bold'>From:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> <a
href="mailto:josh.karp@visionael.com" title="josh.karp@visionael.com">Josh Karp</a>
<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>To:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> <a
href="mailto:'full-disclosure@lists.netsys.com'"
title="full-disclosure@lists.netsys.com">'full-disclosure@lists.netsys.com'</a>
<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>Sent:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> Saturday,
August 16, 2003 5:45 PM<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><b><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial;font-weight:bold'>Subject:</span></font></b><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>
[Full-Disclosure] TCP port 25 traffic?<o:p></o:p></span></font></p>

</div>

<div>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>I've seen an unusual amount of connection attempts to
TCP port 25 on a</span></font> <font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>particular system in my network as of the past 48
hours or so. It's only this one system, and it's multiple source IPs. Is there
anything new for SMTP? </span></font><o:p></o:p></p>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>Thanks for any info... josh</span></font> <o:p></o:p></p>

</blockquote>

</div>
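
<p>The check described in the quoted reply (connect to port 25, issue EXPN and VRFY, see whether they are accepted), as an added Python example that is not part of the original messages: it classifies the server's reply codes per RFC 5321 and treats a refused connection, as on a host with no mail server, as a separate result. The function names, the default postmaster address and the sample reply codes are assumptions made for illustration.</p>

```python
import smtplib
import socket

# How a server can answer VRFY/EXPN (reply codes from RFC 5321).
DISCLOSES = {250, 251}              # address confirmed or list expanded
ENABLED_NO_MATCH = {550, 551, 553}  # command processed, this address rejected
NONCOMMITTAL = {252}                # "cannot VRFY": reveals nothing

def classify(code):
    """Map one VRFY/EXPN reply code to a finding."""
    if code in DISCLOSES:
        return "accepted"
    if code in ENABLED_NO_MATCH:
        return "enabled"
    if code in NONCOMMITTAL:
        return "noncommittal"
    return "refused"                # 500/502 and other rejections

def audit_replies(replies):
    """Return the commands (sorted) that the server still processes."""
    if replies is None:             # nothing listening on the port
        return []
    return sorted(cmd for cmd, code in replies.items()
                  if classify(code) in ("accepted", "enabled"))

def probe(host, address="postmaster", port=25, timeout=10):
    """Query a mail server you administer; None if the port is closed."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            return {"VRFY": smtp.vrfy(address)[0],
                    "EXPN": smtp.expn(address)[0]}
    except (ConnectionRefusedError, socket.timeout):
        return None

if __name__ == "__main__":
    # Constructed reply codes for illustration, not captured from a real host.
    samples = {
        "default config": {"VRFY": 250, "EXPN": 250},
        "hardened": {"VRFY": 252, "EXPN": 502},
        "no listener": None,
    }
    for name, replies in samples.items():
        print(name, "needs attention:", audit_replies(replies))
```
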

</body>

</html>