[CentOS] A new attack

John Hinton <webmaster@xxxxxxxx> · Fri, 10 Nov 2006 09:45:45 -0500

Log report is reporting a lot of these lately.. following is just a 
short snippet from the beginning on one server.

WARNING!!!!
Possible Attack:
  Attempt from 104.29.broadband2.iol.cz [83.208.29.104] with:
     command=HELO/EHLO, count=3 : 1 Time(s)
  Attempt from 106.7.broadband7.iol.cz [88.102.7.106] with:
     command=HELO/EHLO, count=3 : 1 Time(s)
  Attempt from 106.74.broadband5.iol.cz [88.100.74.106] with:
     command=HELO/EHLO, count=3 : 1 Time(s)
  Attempt from 126.239.broadband7.iol.cz [88.102.239.126] with:
     command=HELO/EHLO, count=3 : 1 Time(s)
  Attempt from 144.Red-80-34-151.staticIP.rima-tde.net [80.34.151.144] 
with:
     command=HELO/EHLO, count=3 : 1 Time(s)

Could anyone expand on what these folks are actually doing? And if I 
should be concerned?

This is happening on both my CentOS 3 and 4 systems, all running Sendmail.

Thanks,
John Hinton
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos