Thanks, Dan!
Best,
--
Arthur Sherman
+972-52-4878851
CPTeam
> -----Original Message-----
> From: Dogsbody [mailto:dan (at mark) dogsbody.org]
> Sent: Wednesday, October 18, 2006 8:01 PM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:07608] Re: Possible attack
>
>
> > In latest LogWatch there are these entries:
> > WARNING!!!!
> > Possible Attack:
> > Attempt from 84.94.32.194.cable.012.net.il [84.94.32.194] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> > Attempt from 89.0.227.64.dynamic.barak-online.net [89.0.227.64] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> > Attempt from 89.1.83.114.dynamic.barak-online.net [89.1.83.114] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> > Attempt from DSL217-132-11-39.bb.netvision.net.il [217.132.11.39] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> > Attempt from bzq-88-152-109-158.red.bezeqint.net [88.152.109.158] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> > Attempt from bzq-88-154-241-88.red.bezeqint.net [88.154.241.88] with:
> > command=HELO/EHLO, count=3 : 1 Time(s)
> >
> > How could I block them automatically, i.e. could I configure sendmail to
> > ignore them?
>
> I have seen lots of these attacks on my servers too over the last week; there
> must be a new attack vector that is being tried. As far as I can tell the
> servers (even the old Qubes and Raqs) are fending them off fine and the message
> is just for information.
>
> Dan
>