[ale] Increase in SMTP traffic?

Michael Trausch mike at trausch.us
Sat May 30 15:07:48 EDT 2015


Me too. Mostly apparently coming from bot networks that appear to be looking for their own back doors. They appear to be using hard coded names and passwords and aren't terribly intelligent. Seems harmless against a well configured server that's properly isolated and isn't running other services to expose an entry point. 

My assumption is that these are installed-hook checks. Like the old days of DOS where you'd load AX with a value and call a software interrupt. You'd check the return value and ifit was correct, it's installed. Seems to be the same principle here. 

Sent from my iPhone

> On May 23, 2015, at 12:33 AM, Alex Carver <agcarver+ale at acarver.net> wrote:
> 
> Any of you running mail servers notice a sudden increase in traffic in
> the past week?  My server is usually pretty quiet but I've been seeing
> almost ten times the traffic to it now.  Most are from IPs with no
> reverse DNS so they get dropped by one of the ACLs but a few start to
> probe further.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo



More information about the Ale mailing list