Re: Mail relay attempts

To: debian-security@lists.debian.org
Cc: Michael Renzmann <mrenzmann@dylanic.de>, debian-security@lists.debian.org
Subject: Re: Mail relay attempts
From: "Adam Majer" <adamm@galacticasoftware.com>
Date: Sun, 1 Sep 2002 00:14:35 -0500
Message-id: <[🔎] 20020901051435.GA443@galacticasoftware.com>
In-reply-to: <20020827131121.GA16206@odin.lnet.lut.fi>
References: <000501c24dba$af0dd3d0$0700000a@mars> <3D6B66C2.5070200@virginska.orebro.se> <3D6B6C1C.2040406@dylanic.de> <20020827131121.GA16206@odin.lnet.lut.fi>

>   Simple. Random IP-address block scans. Having the box live on the 'net
> alone guarantees that it will get some random hits. Prepare to see lot more
> of them from here-on.
> 
>   Script-kiddies, trying to find suitable hosts for their mass exploitation
> tools. Worms, eagerly propagating on their own means; And spammers
> (spammerbots?) trying to find open relays they could abuse.
> 
>   The only thing you can do is to make damn certain your box does not become
> part of the problem.

I know. It is crazzy. I actually would like to see some sort of a better
defence than just standing there uselessly. I mean, in real life if 
a country (community etc..) gets attacked by another, there is 
usually a "war" and someone is tought a lesson. But here, all we
do is sit arround do nothing.

I usually get about 20 probes per day for ssh or relay. And for other
ports, well, 

1808  234K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

over 10 day period. I realize, that's nothing if you are an ISP.
LOL, imagine what microsoft.com has to be getting!!!


- Adam

Reply to:

Follow-Ups:
- Re: Mail relay attempts
  - From: "David U." <davidu@everydns.net>

Next by Date: Re: Mail relay attempts
Next by thread: Re: Mail relay attempts
Index(es):
- Date
- Thread