"RelayFinder" Anyone else seen this? (erols, fnord, oneill may be interested)
Brian Pavane
bpavane at liii.com
Wed Jun 24 16:54:27 UTC 1998
I was hit at bpisles.liii.com, by autumn.news.erols.com, my host is in no
way an SMTP server, and actually isn't even running an SMTP.
Jun 23 02:54:15 bpisles tcplog: smtp connection attempt from
autumn.news.erols.com
On Wed, 24 Jun 1998, Dan Foster wrote:
> Hot Diggety! On a bright and sunny day, Ryan K. Brooks was rumored to have said...
> > Had a new box on the net for all of two hours, and this pops up on in my
> > maillog:
> >
> > Jun 22 22:18:41 x sendmail[509]: WAA00509: SYSERR: putoutmsg
> > (autumn.news.erols.com): error on output channel sending "250
> > delay=00:01:16, xdelay=00:01:16, mailer=esmtp, relay=luser.oneill.net.
> > [207.96.89.34], stat=Deferred: Operation timed out with
> > luser.oneill.net.
>
> Don't know what intentions were, but news.erols.com and oneill.net leads
> me to believe you probably want to contact Clayton O'Neill at
> coneill at erols.com.
>
> Was hit by that, too...the host was id'ed as hmm.colo.erols.net as
> well as luser.oneill.net. Not too wild about it -- I figure SMTP hosts
> identified by DNS is fair game, but generally regard any other questionable
> access as potential abuse cases.
>
> hmm.colo.erols.net doesn't exist in the DNS, so I'm not sure offhand whether
> this was spoofed or not.
>
> Clayton, you know anything about this?
>
> -Dan
>
>
-Brian Pavane
-LIII Support Staff
More information about the NANOG
mailing list