ietf-asrg

Re: [Asrg] Empty mail transactions

2005-01-11 18:00:31
Peter J. Holzer wrote:
> And now for something completely different :-)
>
> For at least several months I have been seeing a large number of empty
> mail transactions. Currently more than half of our connections consist
> only of an EHLO command. The client disconnects immediately after the
> response.

Ahh, I missed the immediately disconnects part. I'll blame it on the very early (late) hour.

> Is anybody else noticing this? If so, do you have an idea what this is
> about? It looks like some kind of fingerprinting of course, but I'm
> curious why so many are interested in the version of our mail server and
> the extensions it supports. Maybe a worm trying to find a specific
> vulnerable SMTP server?

Did you check to see from how many different IPs this is happening? It is *possible* that this is just one broken worm, on one pwned system.

        Gadi.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
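
Added example (not part of the original message or thread): one way to check how many distinct source IPs are behind EHLO-only connections, by grouping logged SMTP commands per session. The log format, session ids and addresses are constructed for illustration; real MTA logs need their own parsing.

```python
from collections import Counter

# Constructed sample in a hypothetical format, one line per SMTP command
# received: "<timestamp> <session-id> <client-ip> <verb>".
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2005-01-11T17:00:01 s1 192.0.2.10 EHLO
2005-01-11T17:00:05 s2 192.0.2.10 EHLO
2005-01-11T17:00:09 s3 198.51.100.7 EHLO
2005-01-11T17:01:00 s4 203.0.113.5 EHLO
2005-01-11T17:01:01 s4 203.0.113.5 MAIL
2005-01-11T17:01:02 s4 203.0.113.5 RCPT
2005-01-11T17:01:03 s4 203.0.113.5 DATA
2005-01-11T17:01:04 s4 203.0.113.5 QUIT
2005-01-11T17:02:00 s5 198.51.100.7 EHLO
2005-01-11T17:02:01 s5 198.51.100.7 QUIT
2005-01-11T17:03:00 s6 203.0.113.9 EHLO
"""

def parse_sessions(log_text):
    """Group commands by session: {session_id: (client_ip, [verbs])}."""
    sessions = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, sid, ip, verb = fields
        sessions.setdefault(sid, (ip, []))[1].append(verb.upper())
    return sessions

def summarize(log_text):
    """Count sessions that consist only of a single EHLO, and their sources."""
    sessions = parse_sessions(log_text)
    empty_ips = [ip for ip, verbs in sessions.values() if verbs == ["EHLO"]]
    per_ip = Counter(empty_ips)
    return {
        "total_sessions": len(sessions),
        "empty_sessions": len(empty_ips),
        "empty_fraction": len(empty_ips) / len(sessions) if sessions else 0.0,
        "distinct_ips": len(per_ip),
        "top_sources": per_ip.most_common(3),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A session that sends EHLO followed by QUIT (s5 in the sample) is not counted, since the pattern described in the thread is a disconnect straight after the EHLO response.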

