Date: Tue, 9 Sep 2003 09:13:09 +0100 From: Ben Smithurst <ben@FreeBSD.org> To: Randy Bush <randy@psg.com> Cc: freebsd-security@freebsd.org Subject: Re: is one of my hosts a scanner? Message-ID: <20030909081309.GA22828@strontium.bh.smithurst.org> In-Reply-To: <E19wavc-000LTN-VI@ran.psg.com> References: <E19wavc-000LTN-VI@ran.psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Randy Bush wrote: > seq my host victim(s) > --- ---------------- --------------- > 24) 192.168.0.2:1121 <--> 216.52.3.2:2703 > 25) 192.168.0.2:1122 <--> 216.52.3.4:2703 > 39) 192.168.0.2:1124 <--> 216.52.3.2:2703 Those hosts are at cloudmark.com, which gets used by spamassassin (or some part of it). Port 2703 is Razor2 <http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?_recurse=1&file=16>; - so that fits as well. Unless you're not using spamassassin or razor2 or something similar, don't think there's anything to worry about... Do the times of the probes match up with times when mail is received? -- Ben Smithurst / ben@FreeBSD.org FreeBSD: The Power To Serve http://www.FreeBSD.org/ [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE/XYuVbPzJ+yzvRCwRAo4vAJ465CqxzLLKobLWuJy+dp8E/dArXQCgu3qK oIhrsr06jEEjBhJBaujdZvI= =2J3M -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030909081309.GA22828>