[PLUG] (forw) smtp attack from 208.187.215.242
Sandy Herring
sandy at herring.org
Wed Jun 26 05:12:40 UTC 2002
On Tue, 25 Jun 2002, Aj Lavin wrote:
> On Mon, Jun 24, 2002 at 09:37:47PM -0700, Sandy Herring wrote:
> > I had gotten used to seeing virtually nothing but probes to port 1433 -
> > until today. Anyone else getting hammered with smtp probes?
>
> $ dig -x 208.187.215.242
>
> ;; ANSWER SECTION:
> 242.215.187.208.in-addr.arpa. 39674 IN PTR q7.q7.com.
>
> Searching my PLUG folder for q7.com:
>
> From: Sean Lewis <seant at q7.com>
>
> Maybe Sean Lewis is just trying to send you email.
>
> - Aj
Nope, it wasn't Sean. Aracnet handles MX for herring.org. For some reason,
the IP didn't reverse lookup for me when I tried it before sending off the
email to Q7's upstream. I'm subscribed to a couple of lists hosted at Q7 and
powered by Lyris. It appears Lyris failed to deliver to the MX record
(Aracnet glitch?) and fell back to delivery to the A record (and I have port
25 blocked since I don't run a mail server).
Sandy
--
Sandy Herring, RHCE o sandy at herring.org
Peck of Pickled Pisces __ o http://herring.org/
UNIX or Web authoring questions? |\/ o\ o http://herring.org/finger.html
=>http://herring.org/techie.html |/\__/ http://herring.org/pub-key.asc
*sh, Perl, C, VBA, PICK Assembler, Data/Basic, PROC & profanity spoken here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20020625/bf835258/attachment.asc>
More information about the PLUG
mailing list