Re: [ietf-smtp] Help identifying unknown verb: FCCKV2

2012-09-28 17:34:07

Does anyone here know of a legitimate MTA, proxy/filter, IDS, or similar 
critter that sends this verb before sending EHLO?

  FCCKV2 zQUdwkgzYhu/noMgcNtA0wvhrV0T9SThL3koEfk=

In an http context it'd be something to do with Fortinet, I think. It's 
possible that it'd show up on SMTP too, I guess.

Thanks Steve (and John), I've gotten several suggestions now that it's a Fortinet security device. I was just a little suspicious because of the keyword (really?), the protocol violation, and the existence of a trojan/dropper with the same name. And I haven't been able to coerce my own Fortinet box to do the same. Perhaps an email to their support group would be in order.
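For anyone who wants to check their own MTA logs for the behaviour discussed in this thread (an unrecognised verb sent before EHLO), the following is an added example, not code from any poster or vendor. The log format (`<session-id> C: <client line>`), the function name and the sample lines are constructed assumptions.

```python
import re

# Verbs from RFC 5321 plus common extensions; anything else counts as unknown.
KNOWN_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "VRFY", "EXPN",
               "HELP", "NOOP", "QUIT", "STARTTLS", "AUTH", "BDAT"}
GREETING_VERBS = {"HELO", "EHLO"}

# Assumed (constructed) log format: "<session-id> C: <client line>".
CLIENT_LINE = re.compile(r"^(\S+) C: (.*)$")

def find_pre_greeting_unknown_verbs(log_lines):
    """Return (session, verb) for each unknown verb sent before HELO/EHLO."""
    greeted = set()   # sessions that have already sent HELO or EHLO
    findings = []
    for line in log_lines:
        m = CLIENT_LINE.match(line)
        if not m:
            continue  # server replies and unrelated lines are ignored
        session, text = m.groups()
        parts = text.split(None, 1)
        if not parts:
            continue  # empty client line
        verb = parts[0].upper()  # SMTP verbs are case-insensitive
        if verb in GREETING_VERBS:
            greeted.add(session)
        elif session not in greeted and verb not in KNOWN_VERBS:
            # Record only the verb; the argument is opaque and not decoded here.
            findings.append((session, verb))
    return findings

# Constructed sample sessions; the FCCKV2 argument is a placeholder value.
SAMPLE_LOG = [
    "s1 S: 220 mx.example.test ESMTP",
    "s1 C: FCCKV2 Y29uc3RydWN0ZWQ=",
    "s1 S: 500 unrecognized command",
    "s1 C: EHLO client.example.test",
    "s2 S: 220 mx.example.test ESMTP",
    "s2 C: EHLO other.example.test",
    "s2 C: XFOO bar",
    "s3 C: ehlo lower.example.test",
    "s3 C: MAIL FROM:<a@example.test>",
]

if __name__ == "__main__":
    for session, verb in find_pre_greeting_unknown_verbs(SAMPLE_LOG):
        print(f"{session}: unknown verb {verb} before greeting")
```

Correlating the flagged sessions with their source addresses is then a quick way to see whether they all come from the same kind of device.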

