Is anyone else out there seeing a larger then normal increase in the number of port 1025 port scans? For the last couple of weeks the number of these has been larger and larger and they have been malformed at best. This weekend I turned of all machines for a 2-hour period and ran scans in-house to make sure nothing was provoking the scans, but they just kept a coming. Is anyone else seeing this? They have been primarily coming from South America, Asia and the US.
1025 seems to be used in default by a lot of SMTP listeners/proxies on legit servers (amavisd, content-scanners, etc) so I bet the spammers are hoping to inject spam/compromise there and bypass the port 25 defended SMTP listener.
block internet-to-port-1025, or even block internet-to-all-non-privileged ports by default.
Len _____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
