Incidents
Real-world attacks on sendmail CA-2003-07 seen Mar 07 2003 05:37PM
Bennett Todd (bet rahul net) (2 replies)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 08 2003 03:31AM
jlewis lewis org (1 replies)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 10 2003 06:52PM
Bennett Todd (bet rahul net) (1 replies)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 10 2003 08:56PM
Juan Gallego (Little Boss physics mcgill ca) (1 replies)
On 2003-03-10 13:52-0500, Bennett Todd <bet (at) rahul (dot) net [email concealed]> wrote:

| Tancsa was right, and that what I was actually seeing was spam
| that provoked this log message, and not an attempt at exploiting
| CA-2003-07 after all.

i have to agree. although i don't have the original messages, i happen to
log email subjects, and they have spam written all over them.

hth,
--
juan

--- begin syslog snippet (prettified for clarity) ---

Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: [rbl]subject:Gain 3 Full Inches In Length[64.15.239.131]
Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: from=<nobody (at) cgi14.interq (dot) net [email concealed]>, size=2351, class=0, nrcpts=1, msgid=<200303100702.QAA17631 (at) cgi14.interq (dot) net [email concealed]>, proto=SMTP, daemon=MTA, relay=mail.bigfoot.com [64.15.239.131]
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: Dropped invalid comments from header address
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: to=<pellet (at) physics.mcgill (dot) ca [email concealed]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31532, dsn=2.0.0, stat=Sent
Mar 10 15:13:41 mandos sendmail[18808]: h2AKDeA18808: [rbl]subject:WE HAVE HELPED 700,000 MEN LIKE YOU [210.157.1.23]
Mar 10 15:13:42 mandos sendmail[18808]: h2AKDeA18808: from=<nobody (at) cgi18.interq (dot) net [email concealed]>, size=2115, class=0, nrcpts=1, msgid=<200303102015.FAA29778 (at) cgi18.interq (dot) net [email concealed]>, proto=ESMTP, daemon=MTA, relay=cgi18.interq.net [210.157.1.23]
Mar 10 15:13:44 mandos sendmail[13178]: h2AKDeA18808: Dropped invalid comments from header address
Mar 10 15:13:45 mandos sendmail[13178]: h2AKDeA18808: to=lilleym@balrog, delay=00:00:04, xdelay=00:00:03, mailer=esmtp, pri=31531, relay=balrog.physics.mcgill.ca. [132.206.123.41], dsn=2.0.0, stat=Sent (PAA04506 Message accepted for delivery)
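
One way to automate the check described in this message, as an added example that is not part of the original post: group sendmail log lines by queue ID and, for every message that logged "Dropped invalid comments from header address", pull out the logged subject, envelope sender and relay for review. The `[rbl]subject:` line format is site-specific logging taken from the snippet above; the function name, host names and addresses in the sample are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the snippet above (placeholder hosts/addresses).
SAMPLE = """\
Mar 10 02:01:04 mx1 sendmail[18722]: h2A70mA18722: [rbl]subject:Constructed spam subject[192.0.2.10]
Mar 10 02:01:04 mx1 sendmail[18722]: h2A70mA18722: from=<nobody@example.net>, size=2351, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Mar 10 02:01:04 mx1 sendmail[14378]: h2A70mA18722: Dropped invalid comments from header address
Mar 10 02:01:04 mx1 sendmail[14378]: h2A70mA18722: to=<user@example.org>, delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
Mar 10 03:00:00 mx1 sendmail[200]: h2A80mA00200: from=<a@example.com>, size=900, nrcpts=1, relay=host.example.com [198.51.100.7]
Mar 10 03:00:01 mx1 sendmail[201]: h2A80mA00200: to=<user@example.org>, mailer=local, stat=Sent
""".splitlines()

# timestamp, queue ID, remainder of a sendmail syslog line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): (.*)$")
MARKER = "Dropped invalid comments from header address"
SUBJECT_PREFIX = "[rbl]subject:"  # assumption: local subject logging as in the snippet


def triage(lines):
    """Return {queue_id: context} for each message that logged MARKER."""
    by_qid = defaultdict(dict)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail line in the expected shape
        when, qid, rest = m.groups()
        rec = by_qid[qid]
        if MARKER in rest:
            rec["flagged_at"] = when
        elif rest.startswith(SUBJECT_PREFIX):
            # Strip the prefix and the trailing "[ip]" appended by the local ruleset.
            rec["subject"] = re.sub(r"\s*\[[\d.]+\]$", "", rest[len(SUBJECT_PREFIX):])
        elif rest.startswith("from="):
            rec["from"] = rest.split(",", 1)[0][len("from="):]
            relay = re.search(r"relay=([^,]+)", rest)
            rec["relay"] = relay.group(1).strip() if relay else None
    # Only messages that triggered the marker are worth a human look.
    return {qid: rec for qid, rec in by_qid.items() if "flagged_at" in rec}


if __name__ == "__main__":
    for qid, rec in triage(SAMPLE).items():
        print(qid, rec)
```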

Re: Real-world attacks on sendmail CA-2003-07 seen Mar 11 2003 02:30AM
gabriel rosenkoetter (gr eclipsed net)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 08 2003 12:57AM
Mike Tancsa (mike sentex net) (2 replies)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 10 2003 06:40PM
Jeff Kell (jeff-kell utc edu)
Re: Real-world attacks on sendmail CA-2003-07 seen Mar 09 2003 02:41PM
Bennett Todd (bet rahul net) (1 replies)
Copyright 2009, SecurityFocus