is one of my hosts a scanner?
Ben Smithurst
ben at FreeBSD.org
Tue Sep 9 01:13:13 PDT 2003
Randy Bush wrote:
> seq  my host               victim(s)
> ---  ----------------      ---------------
> 24)  192.168.0.2:1121 <--> 216.52.3.2:2703
> 25)  192.168.0.2:1122 <--> 216.52.3.4:2703
> 39)  192.168.0.2:1124 <--> 216.52.3.2:2703

Those hosts are at cloudmark.com, which gets used by
spamassassin (or some part of it). Port 2703 is Razor2
<http://www.sng.ecs.soton.ac.uk/cgi-bin/faq?_recurse=1&file=16> - so
that fits as well.

Unless you're not using spamassassin or razor2 or something similar,
don't think there's anything to worry about... Do the times of the
probes match up with times when mail is received?

--
Ben Smithurst / ben at FreeBSD.org FreeBSD: The Power To Serve
http://www.FreeBSD.org/
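
The timing check suggested in the reply above, as an added example that is not part of the original message: it separates connections to port 2703 that closely follow a mail receipt from those that do not. The log formats, the timestamps, the fourth connection and the 30-second window are constructed assumptions; only the first three address pairs come from the quoted table.

```python
from datetime import datetime, timedelta

RAZOR2_PORT = 2703  # port identified in the reply as Razor2

# Constructed sample data: outbound connections as "timestamp src dst",
# and the times at which the local MTA logged a received message.
CONNECTIONS = """\
2003-09-09T00:58:12 192.168.0.2:1121 216.52.3.2:2703
2003-09-09T00:58:40 192.168.0.2:1122 216.52.3.4:2703
2003-09-09T01:07:03 192.168.0.2:1124 216.52.3.2:2703
2003-09-09T03:30:00 192.168.0.2:1130 216.52.3.2:2703
"""
MAIL_RECEIVED = """\
2003-09-09T00:58:10
2003-09-09T00:58:38
2003-09-09T01:07:01
"""

def parse_connections(text, port=RAZOR2_PORT):
    """Yield (time, src, dst) for connections whose destination port matches."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        if int(dst.rsplit(":", 1)[1]) == port:
            yield datetime.fromisoformat(ts), src, dst

def parse_mail_times(text):
    """Return the mail-receipt timestamps in ascending order."""
    return sorted(datetime.fromisoformat(l.strip())
                  for l in text.splitlines() if l.strip())

def correlate(conn_text, mail_text, window=timedelta(seconds=30)):
    """Split connections into those preceded by a mail receipt within
    `window`, and those with no such receipt."""
    mails = parse_mail_times(mail_text)
    explained, unexplained = [], []
    for when, src, dst in parse_connections(conn_text):
        hit = any(timedelta(0) <= when - m <= window for m in mails)
        (explained if hit else unexplained).append((when.isoformat(), src, dst))
    return explained, unexplained

if __name__ == "__main__":
    ok, odd = correlate(CONNECTIONS, MAIL_RECEIVED)
    print(f"{len(ok)} connections follow a mail receipt; {len(odd)} do not")
    for row in odd:
        print("unexplained:", *row)
```

Connections left in the unexplained list are the ones worth a closer look, since no mail delivery accounts for them.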
More information about the freebsd-security
mailing list