port 25 connections up?
I've seen an almost astronomical increase in bogus smtp connections ("did not issue MAIL/EXPN/VRFY/ETRN during connection to") within the past 18 hours. Up to +1100 today vs the usual 4 or 5. Anyone else? -Jim P.
On Tue, May 31, 2005 at 09:21:00PM -0400, Jim Popovitch wrote:
I've seen an almost astronomical increase in bogus smtp connections ("did not issue MAIL/EXPN/VRFY/ETRN during connection to") within the past 18 hours. Up to +1100 today vs the usual 4 or 5.
Anyone else?
Overall i see a slight spike in the past 24 hours, looking at a graphic of tcp/25 flows over the past 10 days. (normally a peak of 1.2M or so, but a past 24 hour peak closer to 1.3M flows/sec, so maybe a 6-7% increase or so from my vantage point.. also comparing comparable days of the week). - jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
http://isc.sans.org/port_details.php?port=25 Stef Network Fortius, LLC On May 31, 2005, at 8:21 PM, Jim Popovitch wrote:
I've seen an almost astronomical increase in bogus smtp connections ("did not issue MAIL/EXPN/VRFY/ETRN during connection to") within the past 18 hours. Up to +1100 today vs the usual 4 or 5.
Anyone else?
-Jim P.
participants (3)
-
Jared Mauch
-
Jim Popovitch
-
Network Fortius