Re: Real-world attacks on sendmail CA-2003-07 seen
From: Juan Gallego (Little.Boss@physics.mcgill.ca)
Date: 03/10/03
Date: Mon, 10 Mar 2003 15:56:22 -0500
From: Juan Gallego <Little.Boss@physics.mcgill.ca>
To: Bennett Todd <bet@rahul.net>

On 2003-03-10 13:52-0500, Bennett Todd <bet@rahul.net> wrote:
| Tancsa was right, and that what I was actually seeing was spam
| that provoked this log message, and not an attempt at exploiting
| CA-2003-07 after all.
i have to agree. although i don't have the original messages, i happen to
log email subjects, and they have spam written all over them.
hth,
-- juan

--- begin syslog snippet (prettified for clarity) ---
Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: [rbl]subject:Gain 3 \
    Full Inches In Length[64.15.239.131]
Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: \
    from=<nobody@cgi14.interq.net>, size=2351, class=0, nrcpts=1, \
    msgid=<200303100702.QAA17631@cgi14.interq.net>, proto=SMTP, \
    daemon=MTA, relay=mail.bigfoot.com [64.15.239.131]
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: Dropped invalid \
    comments from header address
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: \
    to=<pellet@physics.mcgill.ca>, delay=00:00:00, \
    xdelay=00:00:00, mailer=local, pri=31532, dsn=2.0.0, stat=Sent
Mar 10 15:13:41 mandos sendmail[18808]: h2AKDeA18808: [rbl]subject:WE HAVE \
    HELPED 700,000 MEN LIKE YOU [210.157.1.23]
Mar 10 15:13:42 mandos sendmail[18808]: h2AKDeA18808: \
    from=<nobody@cgi18.interq.net>, size=2115, class=0, nrcpts=1, \
    msgid=<200303102015.FAA29778@cgi18.interq.net>, proto=ESMTP, \
    daemon=MTA, relay=cgi18.interq.net [210.157.1.23]
Mar 10 15:13:44 mandos sendmail[13178]: h2AKDeA18808: Dropped invalid \
    comments from header address
Mar 10 15:13:45 mandos sendmail[13178]: h2AKDeA18808: to=lilleym@balrog, \
    delay=00:00:04, xdelay=00:00:03, mailer=esmtp, pri=31531, \
    relay=balrog.physics.mcgill.ca. [132.206.123.41], dsn=2.0.0, \
    stat=Sent (PAA04506 Message accepted for delivery)
----------------------------------------------------------------------------
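
Added example, not part of the original post: one way to do the correlation described above in bulk, grouping sendmail syslog entries by queue ID so that every "Dropped invalid comments from header address" event is shown next to the logged subject, sender and relay for manual review. It assumes unwrapped single-line syslog entries and the host-specific "[rbl]subject:" line seen in the snippet; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the post's first message with the "\" continuations joined
# back into single syslog lines, plus one made-up clean message (example.org).
# "[rbl]subject:" is that host's own subject logging, not stock sendmail output.
SAMPLE_LOG = """\
Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: [rbl]subject:Gain 3 Full Inches In Length[64.15.239.131]
Mar 10 02:01:04 mandos sendmail[18722]: h2A70mA18722: from=<nobody@cgi14.interq.net>, size=2351, class=0, nrcpts=1, msgid=<200303100702.QAA17631@cgi14.interq.net>, proto=SMTP, daemon=MTA, relay=mail.bigfoot.com [64.15.239.131]
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: Dropped invalid comments from header address
Mar 10 02:01:04 mandos sendmail[14378]: h2A70mA18722: to=<pellet@physics.mcgill.ca>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31532, dsn=2.0.0, stat=Sent
Mar 10 15:20:00 mandos sendmail[19001]: h2AKK0A19001: from=<alice@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sendmail\[\d+\]: (\w+): (.*)$")
SUBJECT = re.compile(r"^\[rbl\]subject:(.*?)\s*\[([\d.]+)\]$")
ALERT = "Dropped invalid comments from header address"

def triage(log_text):
    """Correlate entries by queue ID (the PID changes between the accepting and
    delivering process) and return one record per message that logged ALERT."""
    msgs = defaultdict(lambda: {"alert": False, "subject": None, "to": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a sendmail queue entry
        qid, body = m.groups()
        rec = msgs[qid]
        rec["qid"] = qid
        subj = SUBJECT.match(body)
        if body.startswith(ALERT):
            rec["alert"] = True
        elif subj:
            rec["subject"], rec["client_ip"] = subj.groups()
        elif "=" in body:
            # from=/to= entries are ", "-separated key=value pairs
            fields = dict(kv.split("=", 1) for kv in body.split(", ") if "=" in kv)
            if "from" in fields:
                rec["from"], rec["relay"] = fields["from"], fields.get("relay")
            elif "to" in fields:
                rec["to"].append(fields["to"])
    return [rec for rec in msgs.values() if rec["alert"]]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["qid"], rec["relay"], repr(rec["subject"]), "->", rec["to"])
```

The script only gathers context per queue ID; whether a flagged message is spam or something else is still decided by reading the subject and relay, as in the post.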