[olug] Configuring Sendmail

Jon H. Larsen relayer at levania.org
Tue Jan 25 18:02:05 UTC 2005 

Please make sure you're running a current version of sendmail. :)

As stated on Internet Storm Center:

<http://isc.sans.org//diary.php?date=2005-01-23&isc=7521bf65ee4ef2b409f5060d082ee178>

---- begin excerpt ----

Further Review of Port 2525 Activity; K-OTik.com reveals new English 
version of Website

Activity and analysis of port 2525 continues, while the France-based 
K-OTik Security reveals an English version of their website.

Update on Port 2525 Increase
Earlier today, one of our readers submitted that SBC has closed outbound 
Port 25 to their DSL customers. The reader also submitted that 2525 is 
indeed their alternative SMTP port. Another note on messaging alternative, 
submitted by fellow Handler Erik Fichtner, is that port 587 is setup 
exactly for the purpose of alternative message submission port. 
http://www.faqs.org/rfcs/rfc2476.html paragraph 3.1 states, Port 587 is 
reserved for email message submission as specified in this document. In 
addition, another observation is the increase of port activity in the 
2500-2600 range. A random sample, shown in the links below, indicates an 
increase in both records and sources submitted. Beginning on 17 Jan. 2005, 
continuing through today, is an increase of activity, across the board, in 
the ranges specified above. In contrast, a look at two samples outside the 
range shows normal activity for the same period.

http://isc.sans.org/port_details.php?port=2587&repax=1&tarax=2&srcax=2&percent=N&days=40

http://isc.sans.org/port_details.php?port=2508&repax=1&tarax=2&srcax=2&percent=N&days=40

http://isc.sans.org/port_details.php?port=2543&repax=1&tarax=2&srcax=2&percent=N&days=40

http://isc.sans.org/port_details.php?port=5714&repax=1&tarax=2&srcax=2&percent=N&days=40

http://isc.sans.org/port_details.php?port=7726&repax=1&tarax=2&srcax=2&percent=N&days=40

The possibility exists that we are currently seeing two separate 
activities, with related ports, or port ranges. We will continue to post 
updates as they come in. As always, any information, logs, captures, or 
thoughts regarding this activity is welcome. 

---- end excerpt ----

-- 
Jon H. Larsen  - relayer -at- levania -dot- org
Omaha Linux Users Group - http://www.olug.org/
AnimeSunday.org - http://www.animesunday.org/
ICQ#: 10412618 - http://www.levania.org/~relayer/
GPG/PGP Pubkey - http://www.levania.org/~relayer/relayerpubkey.txt

More information about the OLUG mailing list