Portsentry isn't just for portscanning. The old-time method of
hacking into a machine involved/involves port surfing. Rather than
simply running a scanner, someone may simply try to telnet into a
series of specific ports. One reason one may wish to use your port 25
could be for email spoofing - get in and send email from your system
in an attempt to hide their actual name/location to the recipient. Of
course, they could also seek to get on and try to run an exploit on
your server or simply try to gather info about your system for future
hacking reference.
-----Original Message-----
From: George Lenzer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 03, 1999 1:39 PM
To: [EMAIL PROTECTED]
Cc: recipient.list.not.shown
Subject: Mail Server Newbie (and a Portsentry question)
I just finished setting up a mail server for the first time. I am
using
POP3 and have disabled IMAP since I won't be using that. I have a
domain
[...]
My other question regards portsentry. I noticed that any machines
that
attempt to use my SMTP server that aren't in my sendmail.cw file get
dumped
into /etc/hosts.deny. Is this normal behavior for Portsentry? I
didn't
realize that trying to use port 25 from an unauthorized host would
come off
as a port scan. This is just a curiosity to me.
[...]
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
