[nsp-sec] katusha infected drones
Scott A. McIntyre
scott at xs4all.net
Tue Jul 21 12:54:28 EDT 2009
On Jul 21, 2009, at 18:31 , Smith, Donald wrote:
> ----------- nsp-security Confidential --------
>
> Definitely seeing lots of tcp port 25 to and from our set of hosts
> which matches the description at the url you provided below.
>
> "Capability to send out email message(s) with the built-in SMTP
> client engine."
And, conversely, the ASN of ours within this list which has the
*strictest* 25/tcp rules (no incoming, no outgoing, only the permitted
smtp gateway) has the *most* number of hits/infections. The ASN which
is currently wide open, hardly a peep.
We live in a weird Universe!
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list