[CentOS] A new attack

John Hinton webmaster at ew3d.com
Fri Nov 10 14:45:45 UTC 2006


Log report is reporting a lot of these lately.. following is just a 
short snippet from the beginning on one server.

WARNING!!!!
Possible Attack:
   Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with:
      command=HELO/EHLO, count=3 : 1 Time(s)
   Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with:
      command=HELO/EHLO, count=3 : 1 Time(s)
   Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with:
      command=HELO/EHLO, count=3 : 1 Time(s)
   Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with:
      command=HELO/EHLO, count=3 : 1 Time(s)
   Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] 
with:
      command=HELO/EHLO, count=3 : 1 Time(s)

Could anyone expand on what these folks are actually doing? And if I 
should be concerned?

This is happening on both my CentOS 3 and 4 systems, all running Sendmail.

Thanks,
John Hinton



More information about the CentOS mailing list