North American Network Operators Group

Re: "RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)

  • From: Brian Pavane
  • Date: Wed Jun 24 13:45:39 1998

I was hit at bpisles.liii.com by autumn.news.erols.com; my host is in no
way an SMTP server, and actually isn't even running an SMTP.

Jun 23 02:54:15 bpisles tcplog: smtp connection attempt from autumn.news.erols.com

On Wed, 24 Jun 1998, Dan Foster wrote:

> Hot Diggety! On a bright and sunny day, Ryan K. Brooks was rumored to have said...
> > Had a new box on the net for all of two hours, and this pops up in my
> > maillog:
> > 
> > Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
> > (autumn.news.erols.com): error on output channel sending "250
> > delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
> > [207.96.89.34], stat=Deferred: Operation timed out with
> > luser.oneill.net.
> 
> Don't know what intentions were, but news.erols.com and oneill.net lead
> me to believe you probably want to contact Clayton O'Neill at
> [email protected]
> 
> Was hit by that, too...the host was id'ed as hmm.colo.erols.net as
> well as luser.oneill.net. Not too wild about it -- I figure SMTP hosts
> identified by DNS are fair game, but generally regard any other questionable
> access as potential abuse cases.
> 
> hmm.colo.erols.net doesn't exist in the DNS, so I'm not sure offhand whether
> this was spoofed or not.
> 
> Clayton, you know anything about this?
> 
> -Dan
> 
> 

-Brian Pavane
-LIII Support Staff