Port Details - Port 25

Daily port 25 counts from the page's graph (two unlabelled series, dates Oct 24 to Nov 22):

Date    Series 1   Series 2
Oct 24  24,118     7,669
Oct 25  24,665     10,900
Oct 26  26,429     11,059
Oct 27  17,009     4,833
Oct 28  22,518     7,588
Oct 29  23,177     6,754
Oct 30  21,821     6,514
Oct 31  17,003     5,827
Nov 01  18,750     8,235
Nov 02  20,259     6,469
Nov 03  21,105     5,704
Nov 04  19,081     5,439
Nov 05  19,650     7,558
Nov 06  22,125     5,984
Nov 07  19,016     8,110
Nov 08  17,498     8,008
Nov 09  14,548     8,362
Nov 10  16,882     6,793
Nov 11  22,499     8,668
Nov 12  18,270     6,567
Nov 13  15,339     7,498
Nov 14  18,552     5,553
Nov 15  16,953     6,347
Nov 16  17,826     9,018
Nov 17  19,421     9,140
Nov 18  17,474     9,046
Nov 19  14,181     10,299
Nov 20  15,386     7,362
Nov 21  9,283      6,286
Nov 22  1,318      1,629

Port Information

Protocol  Service               Name
udp       smtp                  Simple Mail Transfer
tcp       smtp                  Simple Mail Transfer
tcp       WinPC                 [trojan] WinPC
tcp       MoscowEmailtrojan     [trojan] Moscow Email trojan
tcp       Naebi                 [trojan] Naebi
tcp       NewAptworm            [trojan] NewApt worm
tcp       ProMailtrojan         [trojan] ProMail trojan
tcp       Shtirlitz             [trojan] Shtirlitz
tcp       WinSpy                [trojan] WinSpy
tcp       Stealth               [trojan] Stealth
tcp       Stukach               [trojan] Stukach
tcp       Tapiras               [trojan] Tapiras
tcp       Terminator            [trojan] Terminator
tcp       MBT                   [trojan] MBT (Mail Bombing Trojan)
tcp       MBTMailBombingTrojan  [trojan] MBT (Mail Bombing Trojan)
tcp       MagicHorse            [trojan] Magic Horse
tcp       Antigen               [trojan] Antigen
tcp       Barok                 [trojan] Barok
tcp       BSE                   [trojan] BSE
tcp       EmailPasswordSender   [trojan] Email Password Sender - EPS
tcp       EPSII                 [trojan] EPS II
tcp       Gip                   [trojan] Gip
tcp       Gris                  [trojan] Gris
tcp       Happy99               [trojan] Happy99
tcp       Hpteammail            [trojan] Hpteam mail
tcp       Hybris                [trojan] Hybris
tcp       Iloveyou              [trojan] I love you
tcp       Kuang2                [trojan] Kuang2
tcp       Ajan                  [trojan] Ajan

User Comment

Submitted By    Date
Comment
Richard Ashford - www.insysnet.com    2004-10-28 05:16:21
There has been a significant rise in SMTP port 25 traffic, likely due to the Netsky and Bagle worms (notice the SMTP absolute figures over the past 40 days). Mail servers across the internet appear to be being bombarded. I have also seen an effect on a number of websites - my assumption is that unpatched systems and badly configured firewalls are allowing out internal traffic on port 25 to spread the worm variants - this outgoing traffic is disrupting outgoing web server traffic. I have noticed problems with a number of different ISPs and with some of my clients with mail servers directly on the internet. I believe that the virus vendors have significantly under-estimated the distribution of these mass-email worms. Apart from the obvious patches and up-to-date virus software, my advice is to close down outgoing port 25 to all but internal mail servers and ensure all mail is routed through the internal servers - this will prevent any infected systems from spreading the worm further. Let's hope this settles down over the next few days, otherwise it has the potential to bring the internet to its knees.
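The egress policy recommended in the comment above (only designated internal mail servers may open outbound TCP/25; every other internal host is blocked and, if it tries, is probably infected) can be checked against firewall or flow logs before the rule is enforced. The following is an added example, not code from the DShield page or from the commenter: it applies that policy to constructed log lines and reports the internal hosts that would have been blocked. The internal address ranges, the relay address 10.0.0.25, the log line format and every log line are constructed for illustration.

```python
"""Find internal hosts that talk SMTP to the Internet without being a relay."""
import ipaddress
import re
from collections import Counter

# Assumed internal address space and the only hosts allowed to send SMTP out.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
ALLOWED_RELAYS = {ipaddress.ip_address("10.0.0.25")}

# Constructed log format: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Constructed sample: one legitimate relay, one host spraying SMTP outward,
# one workstation in a second subnet, plus unrelated web traffic.
SAMPLE_LOG = """\
2004-10-28T05:01:02 10.0.0.25:40001 -> 203.0.113.10:25 tcp
2004-10-28T05:01:05 10.0.4.17:1034 -> 198.51.100.7:25 tcp
2004-10-28T05:01:06 10.0.4.17:1035 -> 198.51.100.8:25 tcp
2004-10-28T05:01:09 192.168.1.50:1100 -> 203.0.113.44:25 tcp
2004-10-28T05:01:10 10.0.4.17:1036 -> 10.0.0.25:25 tcp
2004-10-28T05:01:12 10.0.7.3:2210 -> 203.0.113.80:80 tcp
2004-10-28T05:01:13 10.0.0.25:40002 -> 203.0.113.11:25 tcp
"""


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_allowed(src, dst, dport, proto):
    """Policy decision for one flow.

    Only outbound TCP/25 from an internal host to a non-internal host is
    restricted; it is permitted solely for the designated relays. Internal
    hosts may still submit mail to the internal relay, and all other traffic
    is outside the scope of this rule and passes.
    """
    if proto.lower() != "tcp" or int(dport) != 25:
        return True
    if not is_internal(src) or is_internal(dst):
        return True
    return ipaddress.ip_address(src) in ALLOWED_RELAYS


def parse_line(line):
    """Return the flow fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_violators(log_text):
    """Count, per internal source address, the flows the policy would block."""
    blocked = Counter()
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        if not egress_allowed(flow["src"], flow["dst"], flow["dport"], flow["proto"]):
            blocked[flow["src"]] += 1
    return blocked


if __name__ == "__main__":
    for host, n in find_violators(SAMPLE_LOG).most_common():
        print(f"{host}: {n} direct outbound SMTP connection(s) not via a relay")
```

Run against the sample, the relay's two connections pass, the workstation's submission to the internal relay passes, and the two remaining hosts are reported. Hosts on that list either need a mail client reconfigured to use the relay or are candidates for the worm clean-up the comment describes; the same decision function can be turned into the corresponding egress firewall rule once the relay set is confirmed.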
Marcus H. Sachs, SANS Institute    2003-10-10 00:34:57
SANS Top-20 Entry: U6 Sendmail http://isc.sans.org/top20.html#u6
Sendmail is the program that sends, receives, and forwards most electronic mail processed on UNIX and Linux systems. Sendmail is the most popular Mail Transfer Agent (MTA) and its widespread use on the Internet has historically made it a prime target of attackers, resulting in numerous exploits over the years. Most of these exploits are successful only against older or unpatched versions of the software. Despite the fact that the known vulnerabilities are well documented and have been repaired in newer releases, there remain so many outdated or misconfigured versions still in use today that Sendmail remains one of the most frequently attacked services. Among the most recent critical vulnerabilities are:
  • CERT Advisory CA-2003-12 Buffer Overflow in Sendmail
  • CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
  • CERT Advisory CA-2003-25 Buffer Overflow in Sendmail

CVE Links

CVE #          Description
CVE-1999-95    The debug command in Sendmail is enabled
CVE-1999-96    Sendmail decode alias can be used to overwrite sensitive files.
CVE-1999-203   In Sendmail
CVE-1999-204   Sendmail 8.6.9 allows remote attackers to execute root commands
CVE-1999-207   Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.
CVE-1999-261   Netmanager Chameleon SMTPd has several buffer overflows that cause a crash.
CVE-1999-404   Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
CVE-1999-531   ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities
CVE-1999-1200  Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command.
CVE-2000-42    Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
CVE-2000-343   Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
CVE-2000-490   Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.
CVE-2000-1006  Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified
CVE-2001-260   Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
CVE-2002-1337  Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields
CVE-2003-161   The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types
CVE-2003-714   The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request
CVE-2003-719   Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library
CVE-2004-120   The Microsoft Secure Sockets Layer (SSL) library
CVE-2004-333   Buffer overflow in the UUDeview package
CVE-2004-399   Stack-based buffer overflow in Exim 3.35
CVE-2004-400   Stack-based buffer overflow in Exim 4 before 4.33