How did this get through?
hede
kolab983 at der-he.de
Wed Mar 26 16:55:09 CET 2014
Am Wed, 26 Mar 2014 11:01:55 -0400 schrieb "Carpenter, Troy" <troy at carpenter.cx>:
> The only difference I see between this and normal relay probing is that
> the connect line implies the hacker (spammer) was actually authorized:
Yes, that's quite uncommon. Especially if there are not hundreds of other connection attempts from this IP.
i.e. there are no other lines with:
connect from unknown[attackerIP]
regards,
hede
More information about the users
mailing list