Thread: New IMAP scanning tool?

  1. #1
    AntiOnline Senior Member steve.milner
    Join Date
    Jul 2003
    Posts
    1,021

    New IMAP scanning tool?

    Been getting quite a bit of this in the 'secure' log within the last few days.

    Nov 28 07:29:22 lydgate xinetd[7641]: START: imap pid=24240 from=217.35.91.223
    Nov 28 07:29:22 lydgate xinetd[7641]: EXIT: imap pid=24240 duration=0(sec)
    Nov 28 15:48:45 lydgate xinetd[7641]: START: imap pid=24599 from=81.174.141.187
    Nov 28 15:48:45 lydgate xinetd[7641]: EXIT: imap pid=24599 duration=0(sec)
    Nov 29 01:42:18 lydgate xinetd[7641]: START: imap pid=25123 from=212.19.61.210
    Nov 29 01:42:21 lydgate xinetd[7641]: EXIT: imap pid=25123 duration=3(sec)

    I've found http://www.cotse.com/sw/portscan/imapd_scan.sh but AFAIK this is an old thing.

    Is there a new imap scanning tool doing the rounds?

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
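
Added example, not part of the original thread: one way to pull the pattern shown in post #1 out of a `secure` log is to pair xinetd `START`/`EXIT` records by pid and list the sessions that closed almost immediately. The function names and the 5-second threshold are assumptions; the sample lines are the ones quoted in the post.

```python
import re
from collections import defaultdict

# Log lines copied from post #1 (xinetd START/EXIT records for imap).
SAMPLE_LOG = """\
Nov 28 07:29:22 lydgate xinetd[7641]: START: imap pid=24240 from=217.35.91.223
Nov 28 07:29:22 lydgate xinetd[7641]: EXIT: imap pid=24240 duration=0(sec)
Nov 28 15:48:45 lydgate xinetd[7641]: START: imap pid=24599 from=81.174.141.187
Nov 28 15:48:45 lydgate xinetd[7641]: EXIT: imap pid=24599 duration=0(sec)
Nov 29 01:42:18 lydgate xinetd[7641]: START: imap pid=25123 from=212.19.61.210
Nov 29 01:42:21 lydgate xinetd[7641]: EXIT: imap pid=25123 duration=3(sec)
"""

# START lines carry from=<addr>; EXIT lines carry duration=<n>(sec).
LINE_RE = re.compile(
    r"xinetd\[\d+\]: (?P<event>START|EXIT): (?P<service>\S+) pid=(?P<pid>\d+)"
    r"(?: from=(?P<src>\S+))?(?: duration=(?P<dur>\d+)\(sec\))?"
)

def short_sessions(log_text, service="imap", max_duration=5):
    """Pair START/EXIT by pid; return (source, seconds) for sessions that
    ended within max_duration seconds (threshold is an assumption)."""
    open_sessions = {}  # pid -> source address seen on START
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("service") != service:
            continue
        pid = m.group("pid")
        if m.group("event") == "START":
            open_sessions[pid] = m.group("src")
            continue
        # EXIT: ignore it if no matching START was seen (e.g. rotated log).
        src = open_sessions.pop(pid, None)
        dur = m.group("dur")
        if src is not None and dur is not None and int(dur) <= max_duration:
            hits.append((src, int(dur)))
    return hits

def summarize(hits):
    """Count short sessions per source address."""
    counts = defaultdict(int)
    for src, _ in hits:
        counts[src] += 1
    return dict(counts)

if __name__ == "__main__":
    for src, n in sorted(summarize(short_sessions(SAMPLE_LOG)).items()):
        print(f"{src}: {n} short imap session(s)")
```

A session that opens and closes in a few seconds without a login is consistent with a banner grab, but a mail client that fails to connect looks the same, so treat the output as a list to correlate with other logs.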

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Two new IMAP vulns are responsible for the additional traffic.

    Here
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    AntiOnline Senior Member steve.milner
    Join Date
    Jul 2003
    Posts
    1,021
    There must be a new tool around, just for 143 scanning since any general scans would have tripped countermeasures.

    Anyone seen any example scripts/code?

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  4. #4
    AO übergeek phishphreek
    Join Date
    Jan 2002
    Posts
    4,325
    There was a Remote Mercury32 IMAP *working* exploit posted to the FD, however, this was only posted on the 30th....

    http://lists.netsys.com/pipermail/fu...er/029629.html
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    The following was posted on the Internet Storm Center yesterday:

    Scans against port 143 (imap) are up considerably today: http://isc.sans.org/port_details.php?port=143
    This coincides with the release of an exploit against imap server in Mercury Mail 4.01 (aka Pegasus Mail). For details, see http://www.pmail.com/ . I don't think this package is very popular, but some Windows users may use it as an easy to administer/install mailserver.

    In addition, a number of vulnerabilities against the popular Cyrus IMAP server were released last week: http://security.e-matters.de/advisories/152004.html
    Cheers:
    DjM

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There's an echo, echoo, echoo.....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Sorry Tiger, not enough coffee yet.......

    Cheers:
    DjM
