Port Details - Port 25

[Graph: two daily series of port 25 figures, Aug 03 through Sep 02]

Port Information

| Protocol | Service | Name |
|---|---|---|
| udp | smtp | Simple Mail Transfer |
| tcp | smtp | Simple Mail Transfer |
| tcp | WinPC | [trojan] WinPC |
| tcp | MoscowEmailtrojan | [trojan] Moscow Email trojan |
| tcp | Naebi | [trojan] Naebi |
| tcp | NewAptworm | [trojan] NewApt worm |
| tcp | ProMailtrojan | [trojan] ProMail trojan |
| tcp | Shtirlitz | [trojan] Shtirlitz |
| tcp | WinSpy | [trojan] WinSpy |
| tcp | Stealth | [trojan] Stealth |
| tcp | Stukach | [trojan] Stukach |
| tcp | Tapiras | [trojan] Tapiras |
| tcp | Terminator | [trojan] Terminator |
| tcp | MBT | [trojan] MBT (Mail Bombing Trojan) |
| tcp | MBTMailBombingTrojan | [trojan] MBT (Mail Bombing Trojan) |
| tcp | MagicHorse | [trojan] Magic Horse |
| tcp | Antigen | [trojan] Antigen |
| tcp | Barok | [trojan] Barok |
| tcp | BSE | [trojan] BSE |
| tcp | EmailPasswordSender | [trojan] Email Password Sender - EPS |
| tcp | EPSII | [trojan] EPS II |
| tcp | Gip | [trojan] Gip |
| tcp | Gris | [trojan] Gris |
| tcp | Happy99 | [trojan] Happy99 |
| tcp | Hpteammail | [trojan] Hpteam mail |
| tcp | Hybris | [trojan] Hybris |
| tcp | Iloveyou | [trojan] I love you |
| tcp | Kuang2 | [trojan] Kuang2 |
| tcp | Ajan | [trojan] Ajan |

User Comment

Submitted By: Richard Ashford - www.insysnet.com
Date: 2004-10-28 05:16:21
Comment: There has been a significant rise in SMTP port 25 traffic likely due to the Netsky and Bagle worms (notice the SMTP absolute figures over the past 40 days). Mail servers across the internet appear to be being bombarded. I have also seen an effect on a number of websites - my assumption is that unpatched systems and badly configured firewalls are allowing out internal traffic on port 25 to spread the worm variants - this outgoing traffic is disrupting outgoing web server traffic. I have noticed problems with a number of different ISPs and with some clients with mail servers directly on the internet. I believe that the Virus vendors have significantly under-estimated the distribution of these mass-email worms. Apart from the obvious patches and up-to-date Virus software, my advice is to close down outgoing port 25 to all but internal mail servers and ensure all mail is routed through the internal servers - this will prevent any infected systems from spreading the worm further. Let's hope this settles down over the next few days, otherwise it has the potential to bring the internet to its knees.

Submitted By: Marcus H. Sachs, SANS Institute
Date: 2003-10-10 00:34:57
Comment: SANS Top-20 Entry: U6 Sendmail http://isc.sans.org/top20.html#u6

Sendmail is the program that sends, receives, and forwards most electronic mail processed on UNIX and Linux systems. Sendmail is the most popular Mail Transfer Agent (MTA) and its widespread use on the Internet has historically made it a prime target of attackers, resulting in numerous exploits over the years. Most of these exploits are successful only against older or unpatched versions of the software. Despite the fact that the known vulnerabilities are well documented and have been repaired in newer releases, there remain so many outdated or misconfigured versions still in use today that Sendmail remains one of the most frequently attacked services. Among the most recent critical vulnerabilities are:

  • CERT Advisory CA-2003-12 Buffer Overflow in Sendmail
  • CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
  • CERT Advisory CA-2003-25 Buffer Overflow in Sendmail

CVE Links

| CVE # | Description |
|---|---|
| CVE-1999-95 | The debug command in Sendmail is enabled |
| CVE-1999-96 | Sendmail decode alias can be used to overwrite sensitive files. |
| CVE-1999-203 | In Sendmail |
| CVE-1999-204 | Sendmail 8.6.9 allows remote attackers to execute root commands |
| CVE-1999-207 | Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. |
| CVE-1999-261 | Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. |
| CVE-1999-404 | Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution. |
| CVE-1999-531 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities |
| CVE-1999-1200 | Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. |
| CVE-2000-42 | Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
| CVE-2000-343 | Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header. |
| CVE-2000-490 | Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. |
| CVE-2000-1006 | Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified |
| CVE-2001-260 | Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command. |
| CVE-2002-1337 | Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields |
| CVE-2003-161 | The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types |
| CVE-2003-714 | The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request |
| CVE-2003-719 | Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library |
| CVE-2004-120 | The Microsoft Secure Sockets Layer (SSL) library |
| CVE-2004-333 | Buffer overflow in the UUDeview package |
| CVE-2004-399 | Stack-based buffer overflow in Exim 3.35 |
| CVE-2004-400 | Stack-based buffer overflow in Exim 4 before 4.33 |