On Wed, 18 Oct 2006, Mike Grau wrote:
> Hello.
>
> (sendmail->mimdefang->spamassassin)
>
> Since this past weekend I been seeing in the mail log:
>
> possible SMTP attack: command=HELO/EHLO, count=3
>
> These used to be very rare, but since Saturday there are a great many
> (for us). For the past few hours, I've been firewalling the offending
> IPs with iptables as they occur, but so far the supply of IP addresses
> seems endless.
>
> The IPs do seem weighted towards a couple of ISPs in Israel though:
>
> No. of ip addresses:
>
> KOREA, REPUBLIC OF: 7
> RUSSIAN FEDERATION: 12
> GERMANY: 17
> CHINA: 20
> UNITED STATES: 21
> CZECH REPUBLIC: 47
> ISRAEL: 93
>
> I don't think any of these messages have actually made it as far as
> getting to SA, but can someone enlighten me as to what this is?
>
> -- Mike G
Seeing bunches here too from all over the world, looks like some kind
of bot flood. Funny thing, it all seemd to stop cold at 18:00 (CST) today.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
