[CentOS] A new attack

Fri Nov 10 15:22:19 UTC 2006
Patrick <centos-list at puzzled.xs4all.nl>

On Fri, 2006-11-10 at 09:45 -0500, John Hinton wrote:
> Log report is reporting a lot of these lately.. following is just a 
> short snippet from the beginning on one server.
> 
> WARNING!!!!
> Possible Attack:
>    Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with:
>       command=HELO/EHLO, count=3 : 1 Time(s)
>    Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with:
>       command=HELO/EHLO, count=3 : 1 Time(s)
>    Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with:
>       command=HELO/EHLO, count=3 : 1 Time(s)
>    Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with:
>       command=HELO/EHLO, count=3 : 1 Time(s)
>    Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] 
> with:
>       command=HELO/EHLO, count=3 : 1 Time(s)
> 
> Could anyone expand on what these folks are actually doing? And if I 
> should be concerned?
> 
> This is happening on both my CentOS 3 and 4 systems, all running Sendmail.

Not sure but I do know that hosts on the rima-tde.net network always try
to send me tons of spam and rima-tde.net does not act upon any spam
report. My logs show that rima-tde.net and tpnet.pl score top place when
it comes to spam attempts from European hosts. Haven't seen iol.cz in my
logs but I will keep an eye on them too.

Regards,
Patrick