The Blog for BoomaRoo - The Hosting , ISP Guru's

 
alt

The ACE in Action @ Boomaroo - Hosting / ISP Blog

 

84 SMTP connect/disconnect - 74.165.0.251

The ACE  3 May 2012 12:58:49 PM
These guys should be embarassed to call themselves hackers. The connect and then disconnect to one of our SMTP (Email) servers 84 times in under 5 minutes. Well the server "almost" crashed under the strain - NOT, the logs say that the CPU usage was almost 10%, these guys are monkeys :)

TCPIP: 74.165.0.251 - Hostname: adsl-074-165-000-251.sip.asm.bellsouth.net  - Country: USA TLD  - Session Count: 84

03/05/2012 11:47:54 AM - TCPIP - 74.165.0.251
03/05/2012 11:47:58 AM - ehlo server

03/05/2012 11:47:13 AM - TCPIP - 74.165.0.251
03/05/2012 11:47:14 AM - ehlo server
03/05/2012 11:47:16 AM - auth login

03/05/2012 11:44:55 AM - TCPIP - 74.165.0.251
03/05/2012 11:44:56 AM - ehlo server
03/05/2012 11:44:57 AM - auth login

03/05/2012 11:48:01 AM - TCPIP - 74.165.0.251
03/05/2012 11:48:02 AM - ehlo server
03/05/2012 11:48:04 AM - auth login

As soon as our SMTP server had closed all the connections, a connection with an immediate disconnect was made from TCP IP Address - 200.124.228.52 - bioanuncios11.com

03/05/2012 11:56:08 AM  SMTP Server: bioanuncios11.com (200.124.228.52) connected
03/05/2012 11:56:09 AM  SMTP Server: bioanuncios11.com (200.124.228.52) disconnected. 0 message[s] received

I wonder if they were shocked that their pathetic attempts to crash the server were unsuccessful, after all these Monkeys are just so "powerful" aren't they.

Then almost exactly 1 hour later someone connected and disconnected again, I guess they were just checking if they had crashed the server again.

03/05/2012 12:58:00 PM  SMTP Server: arvx82.apwigmake.net (174.132.161.82) connected
03/05/2012 12:58:00 PM  SMTP Server: arvx82.apwigmake.net (174.132.161.82) disconnected. 0 message[s] received