[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Increase in SMTP traffic?

Subject: [ale] Increase in SMTP traffic?
From: mike at trausch.us (Michael Trausch)
Date: Sat, 30 May 2015 15:07:48 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

Me too. Mostly apparently coming from bot networks that appear to be looking for their own back doors. They appear to be using hard coded names and passwords and aren't terribly intelligent. Seems harmless against a well configured server that's properly isolated and isn't running other services to expose an entry point. 

My assumption is that these are installed-hook checks. Like the old days of DOS where you'd load AX with a value and call a software interrupt. You'd check the return value and ifit was correct, it's installed. Seems to be the same principle here. 

Sent from my iPhone

> On May 23, 2015, at 12:33 AM, Alex Carver <agcarver+ale at acarver.net> wrote:
> 
> Any of you running mail servers notice a sudden increase in traffic in
> the past week?  My server is usually pretty quiet but I've been seeing
> almost ten times the traffic to it now.  Most are from IPs with no
> reverse DNS so they get dropped by one of the ACLs but a few start to
> probe further.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

References:
- [ale] Increase in SMTP traffic?
  - From: agcarver+ale at acarver.net (Alex Carver)

Prev by Date: [ale] thunderbird
Next by Date: [ale] End to end testing?
Previous by thread: [ale] Increase in SMTP traffic?
Next by thread: [ale] D-link hub going bad
Index(es):
- Date
- Thread