Re: [fw-wiz] sendmail spamming
From: Don Jones (don.jones_at_linuxmail.org)
Date: 05/30/03
- Previous message: Bob Wanamaker - Avant Systems, Inc.: "RE: [fw-wiz] Home Environment Cisco"
- Maybe in reply to: Robert E. Martin: "[fw-wiz] sendmail spamming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Fri, 30 May 2003 16:31:10 +1200
> I noticed CPU activity spikes on the email server and found that our web
> server was spamming our email server due to the classic formmail exploit.
Can I suggest replacing all your cgi scripts downloaded from the web with secure alternatives. There is a sourceforge project called nms ( http://nms-cgi.sourceforge.net/ ) whose aim is to write secure versions of many common cgi scripts ( http://nms-cgi.sourceforge.net/scripts.shtml ). As others have pointed out there are tools like rfp's whisker which are designed to find insecure cgi's which can then be used as spam relays or mailbomb (MTA/MUA DoS) relays.
Re: [fw-wiz] traffic analysis
In regards to the log analysis, perl extreamly well suited for this task as there are many modules avalible ( http://search.cpan.org/ ) and it has very strong regex and text processing capabilities. It is a true swiss army chainsaw for any sys admin/network engineer.
Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network
irc.freenode.net is usually my first port of call for tech support (eg I was on #sendmail today, and solved a mailserver issue.), but it's is not exactly a valid tool for most users, but can be for techies.
"The rules of proprietary software break down cooperation between programmers separated by company boundaries, even when such cooperation can be of benefit to both organizations."
-- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bob Wanamaker - Avant Systems, Inc.: "RE: [fw-wiz] Home Environment Cisco"
- Maybe in reply to: Robert E. Martin: "[fw-wiz] sendmail spamming"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
