
[FW-1] mail dos question



This is really more of an Intrusion Detection question but I'm curious if
anyone else has seen this.  We are receiving tons of smtp traffic from one
source that was being rejected.  I am receiving the following in our logs:

Source: 208.x.x.x
Dest: Our primary mx record
Service: SMTP
Info: Agent mail server reason Too many meaningless commands.  Quit the mail session.

The traffic was being rejected and we promptly added a rule to drop all from
that source but I'm curious exactly what it was.  It looks like a brute
force attack of commands on our mail servers.  Has anyone experienced something
like this before?
