

Massive increase in SMTP attacks - jebblue

In the past 24 hours I'm seeing a massive uptick, more like a tidal wave, of SMTP port attacks. The majority are from Comcast, TWC and Cox cable IP addresses.

My theory is that hackers have breached some kind of significant Windows vulnerability.

Does anyone else see this? At all? Any increase in attacks on your systems, any port any surface?
======
nmc
Yes, seeing some phony SMTP requests from Comcast and Cox (easily blocked by
Spamhaus), but not in a larger amount than the usual. By how much was it a
_"massive uptick"_ on your systems?

~~~
jebblue
From none several days earlier to happening every couple of minutes when I
made the submission to HN.

edit: Oh, and yes, definitely I use several blocking sites in my Postfix
configuration, but I checked the reputation on those IPs and at that time they
were not in the registries yet. Plus these, I should have explained, were
failed authentication attempts, not just plain spammers. You know, using
made-up names like harry, sally but sometimes valid ones like info.

I'm not a math wiz but I doubt they could be lucky enough to guess the
password on an account with tries at minute-or-more intervals. I also run
fail2ban, which usually stops them too.

Still it just sort of jarred me, the number increased so fast. I was worried
there might be something else going on I could be missing.

~~~
stevekemp
I host SMTP for about 20 domains, and I think if your starting point is zero
then you've just been lucky.

Even for non-popular domains I get relay attempts, and spam deliveries, every
few seconds. Round. The. Clock.

It could just be that your server hadn't been detected, either via port-scans,
or via DNS lookups, and now it has been.

------
jlgaddis
[http://chilli.nosignal.org/mailman/listinfo/mailop](http://chilli.nosignal.org/mailman/listinfo/mailop)

