[plug] open relay

Jon Miller jlmiller at mmtnetworks.com.au
Tue Jul 29 13:31:46 WST 2003


Thanks Ryan.  I registered and ran the test and it showed that my system is not an open relay.
Now, as I'm viewing the packets at my gateway using tethereal -i eth1 port 25 | grep -i helo, I can see all sorts of domains in this spam bomb attack.  Is there a way to stop this attack?
Example:
145.560000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sky-maps.com
166.180000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
175.470000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.freeadventure.net
204.810000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.hide-and-finddirect.com
215.410000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sentinelpages.com
228.320000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
230.780000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.general-guide.net
254.290000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sentinelpages.com
255.460000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.ispyking.net
264.130000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.funnyconnect.com
276.870000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.easyvested.com
283.160000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.general-guide.net
293.180000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.chasingafter.com
332.370000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.howsite.net
334.870000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.freeadventure.net
343.370000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.cyberlifeisus.net
353.030000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.responsehelp.net
364.020000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.hide-and-finddirect.com

Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby



>>> ryan at is.as.geeky.as 10:26:46 AM 28/07/2003 >>>
On Mon, 2003-07-28 at 10:57, Jon Miller wrote:
> Does anyone know of a site that can test an open relay, or the commands to use to test for an open relay?

http://www.abuse.net/relay.html 

What is with the 're:' on top posts?  I don't get it.

Ryan
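
One way to summarize a capture like the one in the message above, as an added example that is not part of the original thread: it groups HELO greetings by source/destination pair and flags pairs that announce many distinct names. The function name, the `min_names` threshold and the last three sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Summary-line layout as shown in the post:
#   <seconds>  <src> -> <dst> SMTP Command: HELO <name>
# EHLO is accepted too, although the post's "grep -i helo" would not match it.
HELO_RE = re.compile(
    r"^\s*(\d+(?:\.\d+)?)\s+(\S+)\s+->\s+(\S+)\s+SMTP\s+Command:\s+(?:HELO|EHLO)\s+(\S+)",
    re.IGNORECASE,
)

# The first six lines are copied from the post; the last three are constructed.
SAMPLE = """\
145.560000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sky-maps.com
166.180000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
175.470000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.freeadventure.net
204.810000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.hide-and-finddirect.com
215.410000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.sentinelpages.com
228.320000  192.168.3.1 -> 203.153.224.10 SMTP Command: HELO mail.myaver.com
 12.000000  198.51.100.7 -> 203.153.224.10 SMTP Command: HELO mx.example.org
 13.000000  198.51.100.7 -> 203.153.224.10 SMTP Command: MAIL FROM:<a@example.org>
 95.500000  198.51.100.7 -> 203.153.224.10 SMTP Command: HELO mx.example.org
"""

def summarize_helo(lines, min_names=5):
    """Group greetings by (src, dst); flag pairs announcing >= min_names distinct names.

    min_names is an assumed, illustrative threshold, not a value from the post.
    """
    flows = defaultdict(lambda: {"count": 0, "names": set(), "first": None, "last": None})
    for line in lines:
        m = HELO_RE.match(line)
        if not m:
            continue  # not a HELO/EHLO summary line
        ts, src, dst, name = float(m.group(1)), m.group(2), m.group(3), m.group(4).lower()
        f = flows[(src, dst)]
        f["count"] += 1
        f["names"].add(name)
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    return {
        key: {
            "greetings": f["count"],
            "distinct_names": len(f["names"]),
            "span_seconds": round(f["last"] - f["first"], 2),
            "flagged": len(f["names"]) >= min_names,
        }
        for key, f in flows.items()
    }

if __name__ == "__main__":
    for (src, dst), row in summarize_helo(SAMPLE.splitlines()).items():
        print(src, "->", dst, row)
```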





