Hey, Josh - 

I don't know if this means anything, but while I was working on locking
down SMTP over here, we were alerted to the problem because earthlink was
doing scans to make sure we didn't have any open SMTP relays - not always
on the standard port...perhaps hotmail's doing the same thing OR someone
going through hotmail is trying to find an opening to spam from?

Liz

On Thu, 23 Aug 2001, Joshua b. Jore wrote:

> Nope, the box getting the connections is MS-free. The only reason hotmail should be talking to my box is to deliver mail or do DNS in the service of mail. In that case I should see connections *to* ports 25 and 53, not *from* 25. It's an idea tho. I just don't use MSN Messenger.
> 
> Joshua Jore
> Minneapolis Ward 3, precinct 10
>   "The irony of this man being imprisoned in the United States and longing
> to return to once-Communist Russia so he can regain his right to free
> speech is simply staggering." - someone else
> 
> On Thu, 23 Aug 2001, doug wrote:
> 
> > Are you logged on to msn messenger or logged into the hotmail service on any
> > machine? I'm not sure if messenger uses port 25 for anything or not (believe
> > it does), but I know it does use non-standard ports as well. I'd find it
> > hard to believe it's trojaned and snooping you but then again it's M$ so who
> > really knows what's going on there ;-)
> > ----- Original Message -----
> > From: "Joshua b. Jore" <josh at greentechnologist.org>
> > To: <tclug-list at mn-linux.org>
> > Sent: Wednesday, August 22, 2001 8:03 PM
> > Subject: [TCLUG] hotmail servers scanning...
> >
> >
> > > Just a general issue, I've noticed a few IPs from the hotmail.com IP range
> > > doing some curious scanning. The same IP will try several times to connect to
> > > a specific high port and it's always sourced from the smtp port.
> > >
> > > I'm including a grep from my firewall log where it shows the hotmail IP, the
> > > source port, the destination port (where I blocked the access) and how many
> > > times the hotmail IP tried. So what's going on? Is hotmail trojaned or
> > > something? Am I just missing something important here?
> > >
> > > 64.4.55.73 25 8546 6
> > > 64.4.55.171 25 10273 6
> > > 64.4.42.33 25 18839 11
> > > 64.4.49.144 25 44093 11
> > > 64.4.56.229 25 42600 7
> > > 64.4.56.203 25 11097 6
> > > 64.4.56.176 25 21336 5
> > > 64.4.55.20 25 40832 10
> > > 64.4.55.155 25 47103 11
> > > 64.4.42.30 25 29489 11
> > > 64.4.50.13 25 48844 11
> > > 64.4.56.226 25 23369 6
> > >
> > > Joshua Jore
> > > Minneapolis Ward 3, precinct 10
> > >   "The irony of this man being imprisoned in the United States and longing
> > > to return to once-Communist Russia so he can regain his right to free
> > > speech is simply staggering." - someone else
> > >
> > > _______________________________________________
> > > tclug-list mailing list
> > > tclug-list at mn-linux.org
> > > https://mailman.mn-linux.org/mailman/listinfo/tclug-list
> > >
> >
> 

-- 
Imagination is intelligence having fun...
e-mail:  kethry at winternet.com
URL:  http://WWW.winternet.com/~kethry/index.html
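
As an added example (not part of the original thread): a Python script that builds the same four-column tally Josh posted (source IP, source port, destination port, count) from raw firewall log lines and also records the TCP flags, since a blocked packet with only SYN set is opening a connection while one carrying ACK or RST is answering one. It assumes iptables LOG format, which the thread does not specify; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in iptables LOG format (an assumption: the thread
# does not say which firewall wrote the log). Addresses are documentation ranges.
SAMPLE_LOG = """\
Aug 22 19:01:02 gw kernel: BLOCK IN=eth0 OUT= SRC=192.0.2.73 DST=198.51.100.5 PROTO=TCP SPT=25 DPT=8546 WINDOW=17520 RES=0x00 ACK SYN URGP=0
Aug 22 19:01:05 gw kernel: BLOCK IN=eth0 OUT= SRC=192.0.2.73 DST=198.51.100.5 PROTO=TCP SPT=25 DPT=8546 WINDOW=17520 RES=0x00 ACK SYN URGP=0
Aug 22 19:04:40 gw kernel: BLOCK IN=eth0 OUT= SRC=192.0.2.171 DST=198.51.100.5 PROTO=TCP SPT=25 DPT=10273 WINDOW=0 RES=0x00 ACK FIN URGP=0
Aug 22 19:09:13 gw kernel: BLOCK IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=8025 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 22 19:09:16 gw kernel: BLOCK IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP SPT=40112 DPT=8025 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b(SRC|SPT|DPT|PROTO)=(\S+)")
FLAGS = re.compile(r"RES=0x[0-9a-fA-F]+ ((?:[A-Z]+ )*)URGP=")

def parse(line):
    """Return (src, spt, dpt, flags) for a TCP LOG line, else None."""
    f = dict(FIELD.findall(line))
    m = FLAGS.search(line)
    if f.get("PROTO") != "TCP" or not m or not {"SRC", "SPT", "DPT"} <= f.keys():
        return None
    return f["SRC"], int(f["SPT"]), int(f["DPT"]), frozenset(m.group(1).split())

def summarize(log_text):
    """Count blocked packets per (src, spt, dpt) and keep the flag sets seen."""
    counts, flags = Counter(), {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            counts[rec[:3]] += 1
            flags.setdefault(rec[:3], set()).add(rec[3])
    return counts, flags

def classify(flagsets):
    """Bare SYN opens a connection; a packet with ACK or RST answers one."""
    if all(fs == {"SYN"} for fs in flagsets):
        return "new-connection"
    if all(fs & {"ACK", "RST"} for fs in flagsets):
        return "reply-or-midstream"
    return "mixed"

def report(log_text):
    counts, flags = summarize(log_text)
    return [k + (n, classify(flags[k])) for k, n in sorted(counts.items())]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(*row)
```
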