[CentOS] A new attack
David Ellsmore
dellsmore at vodafone.ieFri Nov 10 15:21:06 UTC 2006
- Previous message: [CentOS] A new attack
- Next message: [CentOS] A new attack
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
John Hinton wrote: > Log report is reporting a lot of these lately.. following is just a > short snippet from the beginning on one server. > > WARNING!!!! > Possible Attack: > Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with: > command=HELO/EHLO, count=3 : 1 Time(s) > Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] > with: > command=HELO/EHLO, count=3 : 1 Time(s) > > Could anyone expand on what these folks are actually doing? And if I > should be concerned? > To me it looks like something/someone looking for valid email addresses - perhaps to use in an effort to defeat spam filters. It'd be interesting to see what sort of conversation takes place between your server and the attacker, and how close together time wise these are occuring. I notice the first 5 warnings are from the Czech Republic, and the last one is from Spain. Are you getting these from world wide addresses or just these two countries?
- Previous message: [CentOS] A new attack
- Next message: [CentOS] A new attack
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list