I noticed something odd in my logs last night. It seems that someone is trying a name attack on my server, but they seem to be doing only 1 to 4 names an hour, and they seem to have distributed the sending across the internet. Here are some of the entries in my logs:
02:07:50 3 SMTP-080(MailHub11.HUB11.COM) Failed to verify. Real address is [207.178.206.51:1611] 02:07:50 1 SMTP-080([207.178.206.51]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 02:48:12 3 SMTP-081(cpiiis) Failed to verify. Real address is [208.38.25.33:37984] 02:48:13 1 SMTP-081([208.38.25.33]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 02:49:40 3 SMTP-082(mailserver.ptpress.com.cn) Failed to verify. Real address is [211.101.207.138:3512] 02:49:41 1 SMTP-082([211.101.207.138]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 02:51:27 3 SMTP-083(mail2.kriterium.local) Failed to verify. Real address is [216.136.100.10:60919] 02:51:27 1 SMTP-083([216.136.100.10]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown ... 04:32:04 3 SMTP-085(wonder.com.pl) Failed to verify. Real address is [213.17.165.142:18548] 04:32:07 1 SMTP-085([213.17.165.142]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown ... 05:06:54 1 SMTP-090(salvador.edicompany.com) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 05:08:23 3 SMTP-091(COELLI.gap.local) Failed to verify. Real address is [200.54.191.69:3827] 05:08:29 1 SMTP-091([200.54.191.69]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown ... 05:18:24 3 SMTP-093(OPUSCP) Failed to verify. Real address is [208.5.214.39:4431] 05:18:25 1 SMTP-093([208.5.214.39]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 05:29:37 3 SMTP-094(unibasent.mnemesis.com) Failed to verify. Real address is [209.88.60.210:2363] 05:29:38 1 SMTP-094([209.88.60.210]) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown 06:15:41 1 SMTP-095(mail.sol-tec.cl) Recipient '<[EMAIL PROTECTED]>' rejected: user unknown etc. This goes on into today. It's obviously someone just going through a list of possible names, but they're doing slowly, probably so they won't be noticed, and they appear to be doing it from dozens of different machines. Has anyone else seen this? Thanks, Darrin -- Darrin Cardani - [EMAIL PROTECTED] President, Buena Software, Inc. <http://www.buena.com/> Video, Image and Audio Processing Development ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
