OVH

Scanning of the network

Every day our network is scanned 250 times by hackers. It cannot be prevented but it can be secured. The purpose of scanning is to find gaps in security system.

SMTP

Nov 2 08:06:40 ping postfix/smtpd4747: 5ED2B3BB3C: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 2 08:06:40 ping postfix/smtpd4745: 8727B3BB3F: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 2 08:06:41 ping postfix/smtpd5029: 0169C3BB40: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 2 08:06:44 ping postfix/smtpd4747: DB5DB3BB3C: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 2 08:06:47 ping postfix/smtpd5029: 992C73BB3C: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=
Nov 2 08:06:53 ping postfix/smtpd4747: 1F0B03BB3C: reject: RCPT from 102.50.233.64.transedge.com64.233.50.102: 554 : Relay access denied; from= to= proto=ESMTP helo=

'A hacker tries to sent an email via smtp server. This operation is done to check if there is a gap on the level of relay on smtp server which would enable sending spam'.

Web

Here is the scanning session of various files in force brute. It is done to look for loopholes in different scripts, especially in Windows software. A hacker checks if the scrips are present. If that is the case, he/she tries to attack the machine.

81.49.172.135 - - 02/Nov/2003:13:35:46 +0100 "GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=
4&CAPREQ=0 HTTP/1.1" 404 797 "-" "Mozilla/4.0 compatible; MSIE 6.0; Windows
NT 5.1)"
81.49.172.135 - - 02/Nov/2003:13:35:46 +0100 "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=
4&CAPREQ=0 HTTP/1.1" 404 797 "-" "Mozilla/4.0 compatible; MSIE 6.0; Windows
NT 5.1)"
81.49.172.135 - - 02/Nov/2003:13:35:47 +0100 "GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=
4&CAPREQ=0 HTTP/1.1" 404 797 "-" "Mozilla/4.0 compatible; MSIE 6.0; Windows
NT 5.1)"
81.49.172.135 - - 02/Nov/2003:13:35:47 +0100 "GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STRMVER=
4&CAPREQ=0 HTTP/1.1" 404 797 "-" "Mozilla/4.0 compatible; MSIE 6.0; Windows
NT 5.1)"

'The same type of scanning on formail.pl and its clones are done on websites'. 'The main purpose is to find formail.pl scripts without protection that would enable sending spam'.