Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA0BKn9uKnWEeCDU7Vx+IAQ8KAAAAQAAAA+dDzR4+aREKE8mHn6kVdsgEAAAAA@online.gateway.strangled.net>
Date: Sun Aug 14 18:41:35 2005
From: aditya.deshmukh at online.gateway.strangled.net (Aditya Deshmukh)
Subject: IMAP scans? Something going on I should know about?
My personal logs for IMAP scans for the last 3 days:
11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77
11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77
12/08/2005 10:31:06 IMAP: (Accept) Receiving from 220.224.38.222
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:00:35 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:08:57 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:08:58 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 19:11:59 IMAP: (Accept) Receiving from 220.224.1.25
13/08/2005 07:17:36 IMAP: (Accept) Receiving from 220.224.3.145
13/08/2005 12:09:46 IMAP: (Accept) Receiving from 220.224.48.17
13/08/2005 13:37:34 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 13:37:36 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 13:49:08 IMAP: (Accept) Receiving from 220.224.0.106
13/08/2005 17:03:32 IMAP: (Accept) Receiving from 220.224.0.214
13/08/2005 17:03:35 IMAP: (Accept) Receiving from 220.224.0.214
13/08/2005 18:44:57 IMAP: (Accept) Receiving from 220.224.36.248
13/08/2005 18:45:00 IMAP: (Accept) Receiving from 220.224.36.248
13/08/2005 22:23:22 IMAP: (Accept) Receiving from 220.224.21.178
13/08/2005 22:53:11 IMAP: (Accept) Receiving from 220.224.0.173
13/08/2005 22:53:14 IMAP: (Accept) Receiving from 220.224.0.173
14/08/2005 01:38:45 IMAP: (Accept) Receiving from 220.224.17.140
14/08/2005 01:38:47 IMAP: (Accept) Receiving from 220.224.17.140
14/08/2005 11:39:52 IMAP: (Accept) Receiving from 61.155.62.178
14/08/2005 11:39:53 IMAP: (Accept) Receiving from 61.155.62.178
14/08/2005 11:45:31 IMAP: (Accept) Receiving from 58.1.64.17
14/08/2005 11:45:33 IMAP: (Accept) Receiving from 58.1.64.17
14/08/2005 13:07:19 IMAP: (Accept) Receiving from 220.224.2.50
14/08/2005 13:07:29 IMAP: (Accept) Receiving from 220.224.2.50
14/08/2005 15:08:35 IMAP: (Accept) Receiving from 220.224.41.75
14/08/2005 16:40:42 IMAP: (Accept) Receiving from 220.175.143.169
14/08/2005 16:40:44 IMAP: (Accept) Receiving from 220.175.143.169
14/08/2005 16:42:02 IMAP: (Accept) Receiving from 220.224.11.220
14/08/2005 16:42:10 IMAP: (Accept) Receiving from 220.224.11.220
14/08/2005 17:19:17 IMAP: (Accept) Receiving from 220.224.42.213
14/08/2005 21:58:15 IMAP: (Accept) Receiving from 219.65.238.37
14/08/2005 21:58:18 IMAP: (Accept) Receiving from 219.65.238.37
> Anything going on out there that I've missed? Thanks!
I would like to know: is there some IMAP exploit floating about?
I am trying to get a packet dump; I will post as soon as I get one.
I have set the next alert to be logged with the packet dump.
Can anyone else also get a packet dump for correlation?
- Aditya
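
A triage pass over log lines in the format shown above, as an added example that is not part of the original post: it counts distinct sources per network prefix, the number of days each source came back, and back-to-back accepts from the same source. The function names, the /16 grouping and the 5-second burst window are assumptions chosen for illustration; the sample is an excerpt of the posted log.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Excerpt of the log posted above (a subset of its entries, same format).
SAMPLE_LOG = """\
11/08/2005 10:47:29 IMAP: (Accept) Receiving from 218.47.179.77
11/08/2005 10:48:00 IMAP: (Accept) Receiving from 218.47.179.77
12/08/2005 14:00:34 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 14:00:35 IMAP: (Accept) Receiving from 61.155.62.178
12/08/2005 19:11:59 IMAP: (Accept) Receiving from 220.224.1.25
13/08/2005 07:17:36 IMAP: (Accept) Receiving from 220.224.3.145
13/08/2005 13:37:34 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 13:37:36 IMAP: (Accept) Receiving from 61.155.62.178
13/08/2005 17:03:32 IMAP: (Accept) Receiving from 220.224.0.214
13/08/2005 17:03:35 IMAP: (Accept) Receiving from 220.224.0.214
"""
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) IMAP: \(Accept\) Receiving from (\S+)$")

def parse(log_text):
    """Yield (timestamp, source address); skip lines that do not parse."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            yield (datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S"),
                   ipaddress.ip_address(m.group(2)))
        except ValueError:  # impossible date or malformed address
            continue

def summarize(log_text, prefix_len=16, burst_seconds=5):
    """Return (sources per prefix, days seen per source, bursts per source)."""
    seen = defaultdict(list)
    for ts, ip in parse(log_text):
        seen[ip].append(ts)
    per_prefix, days_seen, bursts = Counter(), {}, {}
    for ip, stamps in seen.items():
        stamps.sort()
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_prefix[str(net)] += 1  # distinct sources, not connections
        days_seen[str(ip)] = len({t.date() for t in stamps})
        # A burst is two accepts from one source within burst_seconds.
        bursts[str(ip)] = sum((b - a).total_seconds() <= burst_seconds
                              for a, b in zip(stamps, stamps[1:]))
    return per_prefix, days_seen, bursts
```

Calling `summarize(SAMPLE_LOG)` separates a single source that returns on several days from many one-off sources inside one prefix, which is the kind of split worth checking before comparing packet dumps.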