: On Fri, 27 Jul 2001 20:16:06 +0200 (CEST), Sven Koch wrote:
On Fri, 27 Jul 2001, Stefan Hoffmeister wrote:
why would anyone want to continue to talk to a non-existing SMTP server on a dynamic IP (/var/log/firewall log excerpt below)?
I think the user of this ip before you used his host for a mailserver with a MX record still pointing to this ip. (possible with dyndns)
Agreed - but why about 75 connection attempts (from the same IP to the same IP) within a five hour period? (Checking again, that person seems to have persisted for a grand total of 12 hours) Tobias Abt commented in private email <quote> To find an open mail relay for spam. </quote> I could understand that if it was just "a few" connection attempts.
I figure that the other side had some kind of ... hiccup?
Similarly, why would someone want to literally keep spamming port 6346 (GNUtella?) for almost two hours considering that there is exactly nothing that will reply?
If this IP was seen on the gnutella-network before you got it, hosts will try it for hours to connect to the network. (the clients log the ips they saw and try them when reconnecting)
Same here - why about 300 attempts (from the same IP to the same IP) within 90 minutes? This seems to be a tad bit aggressive?
Getting this junk is the fun of dynip ;)
Since I don't have any ports open on that one and only dynamic IP, I have seen plenty of failed connection attempts (on trojan and sundry exploitable ports), but, IIRC, I have never seen anyone persisting so *stubbornly* to connect to something that simply "is not there". And that is what irritates me. Stefan