[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is ADP port scanning ? (way off-topic)

On Mon, 21 Oct 2002, Bill Wichers wrote:

> Answer: it is not.
> What this all means is that the actwin.com mailserver tried to send an 
> email message to your server via SMTP, which is the Simple Mail Transfer 
> Protocol 
> from that machine with IP, which means someone either 
> intentionally sent a message from there, has a misconfigured mail client 
> that is trying to act as it's own mail server, or has a misconfigured DNS 
> zone indicating that machine as a primary MX for some domain.

Bill's explanation is great.  But further, It's not even a misconfiguring
on actwin.com's part.  A dig on "mail.petswarehouse.com" today yields some
interesting results:

mail.petswarehouse.com. 3600    IN      MX      10 petswarehouse.com.
mail.petswarehouse.com. 3600    IN      A

[stuff deleted]

petswarehouse.com.      3600    IN      A  <--- THIS ONE
petswarehouse.com.      3600    IN      A

[Redacted], not actwin.com.  A normal person sending mail has a
certain probability that 161.170 will get picked as the machine to deliver
it to.  It's a smaller probability thatn 82.126, but it's there 


I suspect that either there are a number of other so-called "port scans"
from totally random people that the original friendly hotmail-poster
didn't mention, or actwin.com was the only person mailing their sorry
little e-mail address at the moment.  They should fix their severs.  They
should also stop posting irellevant things on this list.  Hrmph, we 
shouldn't be giving them free help for configuring their servers either.

  - Erik
   (part-time unix admin of one)

PS: AGA Convention news: My wife and I are offering van/car transportation 
to/from the airport to help folks save on taxi costs.  e-mail me for 
details.  Not too late to sign up for the convention, but darn close!

Erik Olson
erik at thekrib dot com