ietf-asrg
[Top] [All Lists]

Re: [Asrg] Empty mail transactions

2005-01-11 17:52:23
Peter J. Holzer wrote:
And now for something completely different :-)


For at least several months I have been seeing a large number of empty
mail transactions. Currently more than half of our connections consist
only of an EHLO command. The client disconnects immediately after the
response.

Is anybody else noticing this? If so, do you have an idea what this is
about? It looks like some kind of fingerprinting of course, but I'm
curious why so many are interested in the version of our mail server and
the extensions it supports. Maybe a worm trying to find a specific
vulnerable SMTP server?
        hp

Yes. We have seen this.

Actually, I found that when enough open connections are made (and obviously not closed), sendmail would eventually open enough processes to bring about an effective DoS, and die.

Our first encounter with this was with a bad application someone developed, the second was not so benign. No idea about what/who did it, but it did not persist like a worm usually would.

        Gadi.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


<Prev in Thread] Current Thread [Next in Thread>