And now for something completely different :-)
For at least several months I have been seeing a large number of empty
mail transactions. Currently more than half of our connections consist
only of an EHLO command. The client disconnects immediately after the
response.
Is anybody else noticing this? If so, do you have an idea what this is
about? It looks like some kind of fingerprinting of course, but I'm
curious why so many are interested in the version of our mail server and
the extensions it supports. Maybe a worm trying to find a specific
vulnerable SMTP server?
hp
--
_ | Peter J. Holzer | Je höher der Norden, desto weniger wird
|_|_) | Sysadmin WSR | überhaupt gesprochen, also auch kein Dialekt.
| | | hjp(_at_)hjp(_dot_)at | Hallig Gröde ist fast gänzlich
dialektfrei.
__/ | http://www.hjp.at/ | -- Hannes Petersen in desd
pgpEji7oARiKu.pgp
Description: PGP signature
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg